British mobile phone and electrical retailer Dixons Carphone announced that its payment card data had been illegally accessed.
“We have taken action to close off this access and have no evidence it is continuing. We have no evidence to date of any fraudulent use of the data as result of these incidents,” the company said in a press release.
An ongoing investigation showed that hackers attempted to access 5.9 million cards in one of the processing systems of Currys PC World and Dixons Travel stores. Fortunately, 5.8 million of the cards had chip and PIN protection, and the data accessed didn’t have PIN codes, card verification values (CVV) or any authentication data that would enable cardholder identification or a purchase to be made.
However, 105,000 non-EU issued payment cards that don’t have chip and PIN protection had been compromised. The relevant card companies have been notified so that they could protect customers and, so far, there isn’t any evidence of fraud on these cards.
In addition, the investigation found that 1.2 million records containing non-financial personal data, such as names, addresses or email addresses, had also been accessed. The company said there is no evidence that this information has left its systems or resulted in any fraud.
Chief Executive Alex Baldock, who joined the company in April, said in the press release, “We are extremely disappointed and sorry for any upset this may cause. The protection of our data has to be at the heart of our business, and we’ve fallen short here. We’ve taken action to close off this unauthorized access and, though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously. We are determined to put this right and are taking steps to do so; we promptly launched an investigation, engaged leading cyber security experts, added extra security measures to our systems and will be communicating directly with those affected. Cyber crime is a continual battle for business today and we are determined to tackle this fast-changing challenge.”
The company said it has informed the Information Commissioner’s Office (ICO), the Financial Conduct Authority (FCA) and the police about the incident.
Dixons Carphone’s shares were down 5 percent as a result of the news.