Dixons Carphone breach may have been bigger than originally thought

null

Dixons Carphone has revealed that millions of its customers could have been affected by a major data breach.

The electronics retailer has said that up to ten million users might have been hit by the attack, revealed last month, with details such as names, addresses and email accounts all revealed.

However the company says that no payment cards or bank account information was leaked, and that so far there is no evidence of its customers being hit by fraud.

"Disappointed"

The news comes as Dixons Carphone continues its investigation into a major cyber-attack that hit the business last year, but was not made public until last month.

The attack, which took place back in July 2017, affected data from 5.9 million credit cards following a breach in one of the processing systems used by both Currys PC World and Dixons Travel stores.

Since then, Dixons Carphone has been working with both cybersecurity experts and the National Crime Agency to help safeguard it against further attacks. 

"Since our data security review uncovered last year's breach, we've been working around the clock to put it right," Dixons Carphone chief executive Alex Baldock said in a statement. 

"That's included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we're updating on today."

"Again, we’re disappointed in having fallen short here, and very sorry for any distress we’ve caused our customers. I want to assure them that we remain fully committed to making their personal data safe with us.”

The news saw Dixons Carphone come in for criticism from many experts, who questioned why the firm hadn't upgraded its online protection following previous attacks.

“The IT infrastructure within any company can be complex and with the rise in cloud services, shadow IT is undoubtedly on the increase," noted Aaron Higbee, CTO and cofounder at Cofense.

"In terms of security, a lack of visibility and control over IT is a huge problem; you can’t secure what you don’t know exists, particularly if you rely on plug-in security solutions. Consequently, security defence needs to evolve and improve as a business grows and threats evolve."