Carphone Warehouse victim of sophisticated cyber-attack

Carphone Warehouse, part of Dixons Carphone, Europe’s leading specialist electrical and telecommunications retailer and services company, has recently announced that on 5 August 2015, it was subject to a sophisticated cyber-attack.

The company’s IT division operates the websites, and and provides a number of services to iD Mobile, TalkTalk Mobile, Talk Mobile, and to certain customers of Carphone Warehouse.

Immediate action to prevent further attacks

In a statement, Carphone Warehouse said it “took immediate action to secure these systems and launched an investigation with a leading cyber security firm to determine exactly what data was affected.” They have also put in place additional security measures to prevent further attacks.

The investigation indicated that personal data which may include name, address, date of birth and bank details of up to 2.4 million customers may have been accessed. Encrypted credit card data of up to 90,000 customers may also have been accessed. Carphone Warehouse and its partners are contacting all customers who may have been affected to inform them of the breach and to give them advice to reduce any risk and minimise inconvenience.

“This attack was a sophisticated one and is part of the reality of the modern world. Our priority is reducing risk and inconvenience for customers and continuing to build ever stronger defences,” the company said.

Other brands not affected

Carphone Warehouse, now part of Dixons Carphone following last year’s £3.7 billion merger, began alerting customers via email on Saturday and took down affected websites.

“Currys and PCWorld and the vast majority of Carphone Warehouse customer data is held on separate systems and has not been accessed during this incident,” the company said.

Advice for customers

The company is advising its customers who are worried about fraudulent activity, to notify banks and credit card companies. Customers are also advised to check their credit rating to make sure no one has applied for credit in their name.

As part of its investigation, Carphone Warehouse said it has notified the Information Commissioners Office (ICO) and the police.

An Ico spokesman was quoted in The Guardian as saying: “We have been made aware of this incident at the Carphone Warehouse and are making enquiries.”

The UK’s data protection watchdog is also said to be investigating the incident.