Cyberattack on Carphone Warehouse leaves 2.4 million customers personal data exposed
The personal data of up to 2.4 million customers of British mobile phone retailer Carphone Warehouse may have been stolen as a result of a massive cyberattack, the company said, issuing apologies for the incident.
According to a statement published on Saturday by parent company, Dixons Carphone, the names, addresses, dates of birth and bank information may have fallen into hackers’ hands following a “sophisticated cyber-attack.”
The attack on a Carphone Warehouse division, operating the websites OneStopPhoneShop.com, e2save.com and Mobiles.co.uk and providing services to iD Mobile, TalkTalk Mobile, Talk Mobile, allegedly took place on August 5.
“We took immediate action to secure these systems and launched an investigation with a leading cyber security firm to determine exactly what data was affected. We have also put in place additional security measures to prevent further attacks,” said the report.
Carphone Warehouse warned that the encrypted credit card information of up to 90,000 customers may have also been stolen.
The mobile retailer keeps those whose personal data may have been affected up-to-date, contacting them and giving instructions on how to mitigate the risk of further consequences.
@AlistairAJCarr customers affected are being contacted, please check your email to see if we have contacted you.
— Carphone Warehouse (@CPWTweets) August 8, 2015
Sebastian James, group chief executive of Dixons Carphone, said: “We take the security of customer data extremely seriously, and we are very sorry that people have been affected by this attack on our systems.”
“We are, of course, informing anyone that may have been affected, and have put in place additional security measures,” he added. “We have also put in place additional security measures to prevent further attacks.”
Some of the affected customers, however, have kept their chins up despite the worrying news.
So apparently my credit card details have been stolen by hackers via #carphonewarehouse well good luck trying to... http://t.co/kfif0ryfeX
— Susie Logan (@sweetsusielo) August 8, 2015
Don't mind me, just rush shipping a roll of these for the Security Officer at #carphonewarehouse. pic.twitter.com/X9OAgJbKoE
— Branston (@BranstonHoss) August 8, 2015
Had my identity hacked on #carphonewarehouse tonight. If anyone knows who I am please call me. Thank you x
— rod bishop (@rodbishop15) August 8, 2015
Carphone Warehouse, owned by Dixons Carphone after last year’s merger with Dixons Retail, also runs Currys and PC World. The company reassured its customers that information in the posession of Currys and PC World along with the “vast majority” of Carphone Warehouse is kept on other systems and wasn’t affected during the attack.
The security violation was discovered on Wednesday and since then the company has allegedly been working “intensively to establish the extent of the breach.”
The Carphone Warehouse data breach adds to the list of companies which suffered cyber-attacks targeting customers’ data over the past years, including giants like Sony, Target, JPMorgan Chase, Home Depot and many others.