NEWS
13/06/2018 11:01 BST | Updated 13/06/2018 11:30 BST

Dixons Carphone Reveals Huge Data Breach

The company says there's no evidence of fraud.

PA Wire/PA Images
Retailer Dixons Carphone said it has uncovered unauthorised access of data held by the company involving 5.9 million payment cards.

The firm behind Currys PC World and Carphone Warehouse has revealed a major breach of data affecting millions of customers.

Dixons Carphone said it had detected unauthorised access to 5.9 million customer cards and 1.2 million personal records.

In a statement on Wednesday, the company confirmed it was investigating an apparent attempt to access its payment processing systems at Currys PC World shops and Dixon Travel branches.

It said relevant card companies had been notified, but added that there was no evidence of fraud on the cards as a result of the incident.

Who has been affected?

At the moment, the firm has said 5.9m cards used at Currys PC World, found on the high street and retail parks, and Dixons Travel stores, often found in airports, are impacted.

The breach occurred in the past year, but before 25 May 2018.

What should you do?

The group intends to contact all those affected, but has sought to assure customers that it had found no evidence of fraud.

Affected banks have been notified too, so fraud departments will be on the look out for problems. None have been detected so far, the firm said. 

Where is the data now?

According to Dixons Carphone, none of the affected data left its systems. Yet the firm is advising all its customers to update protections like passwords just in case.

Do hackers know my PIN?

No. According to the company, no PINs or CVV codes, the security numbers on the back of cards, are among the data affected.

Some foreign cards which do not require a PIN code were affected, but affected banks have said no fraud was detected.

And what is the company saying?

Dixons Carphone chief executive Alex Baldock admitted the group had “fallen short” of its responsibility to protect customer data.

He said: “We are extremely disappointed and sorry for any upset this may cause.

“The protection of our data has to be at the heart of our business, and we’ve fallen short here.

“We’ve taken action to close off this unauthorised access and, though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.”

Meanwhile, Britain’s data watchdog, the Information Commissioner’s Office (ICO) has said it has been informed of the breach and is investigating. 

The ICO has the power to fine Dixons Carphone, as it did in January when it issued a £400,000 penalty over a separate breach.