Carphone Warehouse hacked, affecting up to 2.4 million customers

Last updated:

Details of up to 2.4 million Carphone Warehouse customers may have been accessed in a cyber-attack

Carphone Warehouse has admitted that hackers have gained access to the personal details of 2.4 million customers and that up to 90,000 customers may also have had their encrypted credit card details accessed.

The company announced that the IT systems of one of its UK divisions were found to have been breached on Wednesday, having been subjected to a “sophisticated cyber-attack” within the last fortnight.

The company’s investigation found that the data could have included names, addresses, dates of birth and bank details.

A Carphone Warehouse spokesman said the attack was stopped “straight away” after it was discovered on Wednesday afternoon. He also said the breach was likely to have occurred at some point “within the last two weeks before Wednesday afternoon”.

The division operates the the websites OneStopPhoneShop.com, e2save.com and Mobiles.co.uk. All three of the websites were offline on Saturday afternoon as details of the attack were made public.

It also provides services to iD Mobile, TalkTalk Mobile, Talk Mobile and some Carphone Warehouse customers.

Carphone Warehouse, which is owned by Dixons Carphone following last year’s £3.7bn merger, also incorporates Currys and PC World. The retailer’s owner, Dixons Carphone, said it was very sorry for the attack.

Sebastian James, chief executive of Dixons Carphone, said:

“We are, of course, informing anyone that may have been affected, and have put in place additional security measures.

“We take the security of customer data extremely seriously, and we are very sorry that people have been affected by this attack on our systems.”

Carphone Warehouse took the affected websites down itself, to protect data once the problem was recognised.

Customer information for Currys and PC World – and the “vast majority” of Carphone Warehouse – is held on separate systems and was not accessed during the attack, the company added.

Carphone Warehouse said it was informing all customers who may have been affected of the breach.

“I am writing to you as a precaution after we discovered on the 5th August that some of our IT systems had been subjected to a sophisticated cyber attack.

We immediately took action to secure these systems and launched a full investigation with a leading cyber security firm to help us understand the impact of this attack. Our investigation is still going on.

At this stage, our investigation indicates that some of the data held on our systems from customers and people who have previously provided information to the company has been accessed. This may include some of your personal details, including your name, address, date of birth and bank details.

We take the security of your data extremely seriously, and we have put in place additional security measures to prevent further attacks. Nevertheless, we felt it was important to let you know as soon as possible.

To reduce the risk of fraudulent activity, we recommend that you consider taking the following steps:
• Notifying your bank and credit card company, so that they can monitor activity on your account
• Checking for suspicious or unexpected online or account activity
• Be wary of anyone calling asking for personal information, bank details or passwords
• You can check your credit rating to make sure no one has applied for credit in your name. You can do this by visiting Experian or Equifax.

If you think you have been a victim of fraud you should report it to Action Fraud, the UK?s national fraud and internet crime reporting centre, on 0300 123 2040.

I appreciate that this is potentially concerning for you and I am very sorry that this attack on us has caused this inconvenience.”

It will also advise affected individuals on how to reduce the risk of further consequences arising from the data leak.

Those who think they have been the victim of fraud should contact Action Fraud on 0300 123 2040.

Via

My Cart Close (×)

Your cart is empty
Browse Shop

We and our partners store or access information on devices, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for the purposes described below. You may click to consent to our and our partners’ processing for such purposes. Alternatively, you may click to refuse to consent, or access more detailed information and change your preferences before consenting.

Your preferences will apply to this website only. Please note that some processing of your personal data may not require your consent, but you have a right to object to such processing. You can change your preferences at any time by returning to this site or visit our privacy policy.

Privacy Settings saved!
Privacy Settings

We and our partners store or access information on devices, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for the purposes described below. You may click to consent to our and our partners’ processing for such purposes. Alternatively, you may click to refuse to consent, or access more detailed information and change your preferences before consenting. Your preferences will apply to this website only. Please note that some processing of your personal data may not require your consent, but you have a right to object to such processing. You can change your preferences at any time by returning to this site or visit our privacy policy.

When you use our Services, Rapid Mobile and our partners may use cookies and similar technologies (“cookies”) to store or retrieve information, including information about you, your use of our Services or your device. It is used to make our Services work as you expect them to, to enable analysis of your use and, because our Services are supported by advertising, to enable the delivery of ads that are more relevant to you. The information does not directly identify you. Because we respect your right to privacy, you can choose not to allow some types of cookies and processing. Click on the different category headings to find out more and change our default settings. Not allowing some types of cookies may impact your experience of our Services and what we are able to offer.

We track anonymized user information to improve our website.
  • _ga
  • _gid
  • _gat

Used by Spamshield to stop spam signups.
  • _wpss_h_
  • _wpss_p_

For shopping cart and order processing two cookies will be stored. These cookies are strictly necessary and can not be turned off.
  • woocommerce_cart_hash
  • woocommerce_items_in_cart

In order to use this website we use the following technically required cookies
  • wordpress_test_cookie
  • wordpress_logged_in_
  • wordpress_sec

Confirm my Choices