Cyberattack on Carphone Warehouse leaves 2.4 million customers personal data exposed

© Luke MacGregor
The personal data of up to 2.4 million customers of British mobile phone retailer Carphone Warehouse may have been stolen as a result of a massive cyberattack, the company said, issuing apologies for the incident.

According to a statement published on Saturday by parent company, Dixons Carphone, the names, addresses, dates of birth and bank information may have fallen into hackers’ hands following a “sophisticated cyber-attack.”

The attack on a Carphone Warehouse division, operating the websites, and and providing services to iD Mobile, TalkTalk Mobile, Talk Mobile, allegedly took place on August 5.

“We took immediate action to secure these systems and launched an investigation with a leading cyber security firm to determine exactly what data was affected. We have also put in place additional security measures to prevent further attacks,” said the report.

Carphone Warehouse warned that the encrypted credit card information of up to 90,000 customers may have also been stolen.

The mobile retailer keeps those whose personal data may have been affected up-to-date, contacting them and giving instructions on how to mitigate the risk of further consequences.

Sebastian James, group chief executive of Dixons Carphone, said: “We take the security of customer data extremely seriously, and we are very sorry that people have been affected by this attack on our systems.”

“We are, of course, informing anyone that may have been affected, and have put in place additional security measures,” he added. “We have also put in place additional security measures to prevent further attacks.”

Some of the affected customers, however, have kept their chins up despite the worrying news.

Carphone Warehouse, owned by Dixons Carphone after last year’s merger with Dixons Retail, also runs Currys and PC World. The company reassured its customers that information in the posession of Currys and PC World along with the “vast majority” of Carphone Warehouse is kept on other systems and wasn’t affected during the attack.

The security violation was discovered on Wednesday and since then the company has allegedly been working “intensively to establish the extent of the breach.”

The Carphone Warehouse data breach adds to the list of companies which suffered cyber-attacks targeting customers’ data over the past years, including giants like Sony, Target, JPMorgan Chase, Home Depot and many others.