The UK’s data watchdog is “making enquiries” after Carphone Warehouse admitted being victim of a cyber-attack. The attack was discovered on Wednesday, and details were released on Saturday.
The Information Commissioner’s Office, which examines data breaches, confirmed it was aware of the incident.
Carphone Warehouse said the “sophisticated” cyber-attack was stopped “straight away” after it was discovered on Wednesday afternoon. It said the breach probably happened within the previous two weeks.
The retailer’s owner, Dixons Carphone, has apologised for the attack and said additional security measures have been brought in. It has also taken the affected websites down.
Technology analyst Tom Cheesewright said:
“The question is how much they knew and when did they know.
“Did they know what had been breached, what had been lost? Do you risk, if you announce early, that you terrify people and actually the breach has been minimal, or do you do the forensics first… and then announce things once you know for sure.
“I don’t think we’ll know until the Information Commissioner’s Office looks at this.”
He said it was unlikely the data would be used by those who accessed it.
“They’ll go online, they’ll sell it to people – there’s a ready market in this sort of information.”
A spokesman for the Information Commissioner’s Office said:
“We have been made aware of an incident at Carphone Warehouse and are making enquiries.”