Published: Wed, June 13, 2018
Economy | By

Dixons Carphone's huge data breach is the first big blunder post GDPR

Dixons Carphone's huge data breach is the first big blunder post GDPR

After British retailer Dixons Carphone admitted a major data breach involving 5.9 million payment cards and 1.2m personal data records many customers will be anxious they could be affected - here's how to find out.

The group said it had also found that 1.2 million records containing non-financial personal data, such as names, addresses or email addresses, had been accessed.

The breach was uncovered by Dixons Carphone this week, but apparently took place back in July 2017, when hackers tried to access a processing system used by its Currys PC World and Dixons Travel stores.

"We have taken action to close off this access and have no evidence it is continuing".

It is contacting all those affected, but sought to assure customers it had no evidence that this had resulted in fraud at this stage.

Dixons Carphone chief exec Alex Baldock apologised to customers for the inconvenience, adding (as is standard in post-breach statements) that the company takes security seriously.


"The protection of our data has to be at the heart of our business, and we've fallen short here", he said. Again, Dixons said there was no evidence that it had resulted in any fraud.

In a statement released this morning, the company said during a review of systems and data, it discovered that there has been "unauthorised access to certain data held by the company".

It said the data accessed did not contain Pin codes, card verification values (CVV) or any authentication data allowing cardholder identification or a purchase to be made.

Others compared the Dixons Carphone breach to the compromise of United States retailer Target in arguing lessons have not been learned. We promptly launched an investigation, engaged leading cyber security experts and added extra security measures to our systems. It has informed police, regulators at the Information Commissioner's Office and the Financial Conduct Authority.

Dixons says it doesn't believe that the attackers have anything like the amount of data required to use the cards fraudulently.

While the breach took place last July, Dixons Carphone only realised that it had occurred in the last week and the notification delay of nearly a year was not a case of the firm covering up the fact, allegedly.

Like this: