British retailer suffers second major breach in three years

British retailer suffers second major breach in three years

Group's Carphone Warehouse division also suffered a data breach in 2015

Credit: Reuters

British mobile phone and electrical retailer Dixons Carphone has become the victim of a major cyber attack for the second time in three years after discovering unauthorised access to its payment card data.

Shares in Dixons Carphone, which issued a profit warning last month, fell as much as 6.4 per cent on Wednesday, taking year-on-year losses to 37 per cent.

“We have taken action to close off this access and have no evidence it is continuing,” the company said. “We have no evidence to date of any fraudulent use of the data as result of these incidents.”

The business said an investigation, which started last week, indicated there was an attempt, going back to July last year, to compromise data on 5.9 million credit cards in one of the processing systems of Currys PC World and Dixons Travel stores.

According to Dixons Carphone, 5.8 million of these cards had chip and pin protection and the data accessed contained neither pin codes, card verification values nor any authentication data that would enable cardholder identification or purchases to be made.

However, it said 105,000 non-EU issued payment cards which do not have chip and pin protection had been compromised.

Dixons Carphone said it had immediately notified the relevant card companies so that they could protect customers, and found no evidence of any fraud on these cards as a result of this incident.

The group said it had also found that 1.2 million records containing non-financial personal data, such as names, addresses or email addresses, had been accessed. It said there was no evidence of fraud here either.

Dixons Carphone informed Britain's data protection regulator the Information Commissioner's Office (ICO), as well as the Financial Conduct Authority (FCA) and the police.

The ICO said it was liaising with the National Cyber Security Centre, the FCA and other agencies to determine the impact on customers.

The group's Carphone Warehouse division suffered a data breach in 2015 and in February this year was fined a record matching 400,000 pounds (US$533,240) by the ICO.

Dixons Carphone paid 320,000 pounds as there was a 20 per cent reduction for early payment. It said since the 2015 attack it had worked extensively with cyber security experts to upgrade its security systems.

In 2016 the ICO fined broadband provider TalkTalk 400,000 pounds for security failings that allowed hackers to launch a cyber-attack in 2015.

“Disappointed and sorry”

“We are extremely disappointed and sorry for any upset this may cause," Dixons Carphone CEO Alex Baldock said. “The protection of our data has to be at the heart of our business, and we’ve fallen short here.”

Baldock joined Dixons Carphone in April and last month the group warned on profits and said it would have to close shops, wiping more than 500 million pounds off its stock market value.

Russ Mould, investment director at AJ Bell, said the cyber attack could undermine consumer confidence in the retailer.

"The fact this only came to light now thanks to a review of the company’s systems and data and actually occurred in 2017 is also cause for some concern," he said.

Because the data breach dates back to last year it will be dealt with by the ICO under the powers of the Data Protection Act 1998 and not the European Union General Data Protection Regulation (GDPR) which went into effect on May 25.

The maximum possible financial penalty under the 1998 Act is 500,000 pounds as opposed to 17 million pounds (20 million eur) under GDPR.

(Additional reporting by Jack Stubbs, Editing by Kate Holton, Susan Fenton and Alexandra Hudson)

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Dixons Carphone



The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments