Dixons Carphone has announced that, after a review following a hack of its customers’ data, 10 million customers rather than the original estimate of 1.2 million have actually been affected.
What Happened?
Back in June, Dixons Carphone announced that a hacking attempt, which had actually taken place in July 2017, had been made on one of the processing systems of Currys PC World and Dixons Travel stores. The original announcement put the figures at an attempted theft of the details of 5.9 million credit and debit cards, with only 105,000 cards without chip-and-pin protection being leaked, and an estimated 1.2 million personal data records being accessed/compromised.
Millions More
This latest shocking announcement puts the number of customers thought to be affected at 10 million!
Dixons Carphone has apologised to customers and has offered an assurance that the company is fully committed to making their personal data safe.
No Bank Details & No Fraud
Despite the large numbers of customers affected by the breach, Dixons Carphone has been quick to point out that no bank details were taken, and it has found no evidence that fraud had resulted from the breach.
Working With Cyber-Security Experts
The company has stated that it has been working hard with cyber-security experts since the breach and has put in further security measures to keep customer data safe in future.
The updated security measures taken have been reported to include closing off the unauthorised access, adding new (unspecified) security measures, and launching an immediate investigation.
Also, Dixons Carphone is reported to be in the process contacting all of its customers to apologise and advise on what steps they can take to protect themselves.
Other Woes
The massive data breach is one of many woes that the company has been experiencing in recent times. Back in May, it was announced that Dixons Carphone highlighted people not renewing their handsets as frequently and a declining market for long-term mobile contracts as 2 main reasons for the planned closure of 92 of its 700 stores. The company was forced to act after a warning that the next year’s profits could be down £82 million led to shares in the company falling 20.7%. Share values had already fallen by 30% over the previous 12 months,
Market commentators have noted that a fall in the value of the pound (in the wake of Brexit) has made mobile handsets more expensive. Also, technical innovation has slowed, giving shoppers less reason to update their phones, meaning that they have been hanging onto their current handsets for longer.
What Does This Mean For Your Business?
We’re getting so used to hearing about data breaches where millions of people have been affected that we’re in danger of accepting it as normal. It’s important to remember that all companies, particularly with GDPR now in place, have at least a legal responsibility to protect the personal data of their stakeholders to the best of their abilities.
All businesses must surely be aware that cyber-criminals are now using sophisticated and multi-level methods to find their way into whatever weaknesses they can find on a daily basis, and large, well-known companies with millions of customers (and millions of valuable customer details) are obviously going to be prime targets. We should be thinking, therefore, that a large company that is, no doubt, aware of the cyber threats in the business environment, allowing the details of over 10 million customers to be taken, and customers only finding out and receiving an apology a year later isn’t acceptable.
Data protection should now be a priority issue in the boardroom, and even though some companies may be going through difficult times financially, data protection is not an area where they can really afford to let their guard down. The damage to reputations, the loss of customers, and fines from the ICO can now be enough to threaten the existence of a business, and even without the moral and ethical perspective, this should be enough of a motivator to keep businesses pushing to stay at least one step ahead of today’s known cyber threats.