1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Massive data breach at Dixons Carphone (who own PC World)

Discussion in 'General Discussion' started by Chris Wilson, Jun 13, 2018.

  1. Chris Wilson


    Joined: Nov 28, 2003

    Posts: 3,592

    Location: Shropshire

    Yet another huge data loss, near 6 million card details compromised! What the hell is wrong with these systems?

    Dixons Carphone calls in police as customer card details are targeted but the firm says there is no evidence of fraudulent use.

    08:29, UK, Wednesday 13 June 2018

    Dixons Carphone operates Currys PC World and Dixons Travel stores
    By James Sillars, business reporter

    Dixons Carphone says it has been the victim of an "unauthorised data access" in which millions of customer bank card details were targeted.

    The company said there was there was an attempt to compromise 5.9 million cards in one of its processing systems for Currys PC World and Dixons Travel stores.

    It said there was currently no evidence of any fraudulent use of the information - with the vast majority of the cards having chip and pin protection.

    However, it added that the company said it had notified card providers to 105,000 non-EU issued cards which did not have chip and pin technology so those customers could be immediately protected.

    In addition, Dixons Carphone said 1.2 million personal data records were hacked.

    It admitted non-financial personal data, such as name, address or email address, was accessed but it again insisted that it had seen no evidence of any fraud at this stage.

    The breach was currently being investigated by police, it said, while regulators had also been informed.

    The company's shares lost 5% of their value when trading began on Wednesday morning shortly after the disclosure.

    Chief executive Alex Baldock said: "We are extremely disappointed and sorry for any upset this may cause.

    "The protection of our data has to be at the heart of our business, and we've fallen short here.

    "We've taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.

    "We are determined to put this right and are taking steps to do so; we promptly launched an investigation, engaged leading cyber security experts, added extra security measures to our systems and will be communicating directly
    with those affected."

    The hacking represents a baptism of fire for Mr Baldock, who took over after Seb James quit as chief executive in January to take the helm at Boots.

    Dixons Carphone has issued a series of profit warnings since last summer amid tough trading for its mobile phone arm.

    It has part-blamed a slowdown in upgrades to new handsets for financial woes which have forced the company to slim down its Carphone Warehouse operation.

    The data breach could potentially leave the company open to a large fine.

    Source: https://news.sky.com/story/hacking-targets-customers-of-currys-pc-world-11403182
  2. Haze

    Wise Guy

    Joined: Jan 10, 2007

    Posts: 2,375

    What's wrong with systems.... Nothing, there is always going to be someone smart enough to find a way in
  3. Cold Fusion


    Joined: Jan 30, 2007

    Posts: 894

    GDPR: "Hold my beer and pass the lube"

    True Haze but when Yahoo store security questions un-encrypted its no wonder people have little time for excuses in these matters.
  4. skyripper

    Wise Guy

    Joined: Jul 19, 2011

    Posts: 1,672

    A lot of these companies have masses of interconnected systems sharing data, and exchanging it in various ways - messaging, flat file interfaces, sql updates etc. Protecting every single one of these is time-consuming, resource intensive and can make support more difficult. And rarely stop people with the right level of access from abusing it.

    Which is why some of them fall thru the cracks. Companies wanting to avoid data loss have to be lucky every time. Hackers (or data thieves) only have to be lucky one time.

    Security has nearly always been a "Oh, IT will sort that, lets go do something that makes some money" for businesses.
    GDPR has actually done some good in making the rest of the organisation as culpable as IT for data loss.
  5. Glanza


    Joined: Mar 13, 2007

    Posts: 8,827

    Location: South Yorkshire

    Can see it now:

    New type of phone call have your details been leaked by Dixons, if yes then you might be entitled to compensation.
  6. Schizo


    Joined: Feb 19, 2008

    Posts: 13,219

    Location: Home

    Just seen this and I'm truly shocked !!!!!!!.....didn't realise there was 5.9 million people who shopped there :)
  7. Beerbaron


    Joined: Feb 28, 2006

    Posts: 5,596

    Location: Beds

    Wasn't the breach pre GDPR though. Even if it was after the 25 May it may not necessarily mean a fine.
  8. Kol


    Joined: Jan 8, 2003

    Posts: 13,302

    Location: London

    Handing out fines is nothing new. The ICO have had the ability to fine organisations far before the new regulations came into effect.
  9. ubersonic


    Joined: May 26, 2009

    Posts: 20,049

    Well relying on Windows XP probably isn't helping :p
  10. Hades


    Joined: Oct 19, 2002

    Posts: 20,718

    Location: Surrey and London

    This is why I rarely save my card details 'for faster payment next time'. The inconvenience of typing it in si small compared to my card details being leaked.

    However if Amazon are hacked then I'm truly screwed :D
  11. sideways14a


    Joined: Aug 31, 2017

    Posts: 958

    For eons security has been a very "meh" subject in most companies and organisations and it doesnt help with cash strapped IT departments seen as a cost center that has to be cut cut cut.
    Pathetic management, fund and staff IT and technology properly and you will have less trouble with fines handed out when that technology comes and bites you on the ass.
  12. BowdonUK

    Wise Guy

    Joined: Jan 17, 2016

    Posts: 1,000

    I think there needs to be a way to hold people in these companies personally responsible as it doesn't seem that any of them take their job seriously.
  13. sideways14a


    Joined: Aug 31, 2017

    Posts: 958

    I think its called GDPR :p
  14. -UnderClocker-


    Joined: May 14, 2018

    Posts: 87

    Did anyone else receive an email about this today? About five minutes before I read about it on the news, I received an email, telling me not to worry about my details being stolen.
  15. pinkpound

    Wise Guy

    Joined: May 31, 2005

    Posts: 1,076

    Be afraid be very afraid :p

    Last time I used CPW was 3 years ago for a contract used debit card as proof . Hope they deleted it
  16. TheOracle


    Joined: Sep 30, 2005

    Posts: 9,650

    Wrong, the CEO isn't investing nearly enough on IT. The systems are old, out dated, supported by not enough people (nevermind, enough well trained people). Agree that no system is fully 100% secure, but when you know your systems are crap but do nothing about it, the buck stops with sand head.

    I know someone who works in their IT department. He told me they do not invest in IT, the servers are old, the software is old, they are short staffed, and what staff they do have aren't supported very well. Very cheeky of the CEO to says his disappointed, when it's him who is not investing in his IT staff and systems. Yep, they need heavy fines as this is the ONLY language they understand. Not just this company though, my own is the same and the two I previously worked for. IT is seen as a cost, not a business enabler.

    Business leaders need to be more proactive rather than reactive. The things I've heard over the years

    "we don't need to upgrade our firewalls as we've never been hacked yet"

    "do we need that many people on the server team, the servers never seem to go wrong these days"

    "why have a second data center for DR, we've never had a fire"

    Perhaps I should cancel my car insurance.....I've never had a crash

    :edit: actually I know two people who work for them. The second is a home worker on their support desk. He is always saying their remote servers are offline....and when they are online its painfully slow.
  17. Diddums


    Joined: Oct 24, 2012

    Posts: 15,699

    Location: London

    Eurgh. The stupid is strong today.
  18. TheOracle


    Joined: Sep 30, 2005

    Posts: 9,650

    caught you! haha I wondered what on earth you were on about for a second....until I saw the other thread
  19. Diddums


    Joined: Oct 24, 2012

    Posts: 15,699

    Location: London

    I know nothing :D
  20. sideways14a


    Joined: Aug 31, 2017

    Posts: 958

    Standard practise now for these companies to say there IT is great even when hacked, especially when in reality it is pathetic.
    Bean counters will never understand IT and the costs needed to keep it right.