Carphone Warehouse has revealed that personal information on up to 2.4m customers may have been accessed by “a sophisticated cyber-attack”.
- Cyber-attackers target sensitive data on up to 2.4 million customers
- Encrypted credit card details on up to 90,000 customers may have been accessed
- Dixons Carphone boss Seb James apologises as investigation is launched
Sensitive data including names, addresses, dates of birth and bank details may have been hacked, while encrypted credit card details of up to 90,000 customers may also have been accessed.
The cyber-attack was discovered by the electricals retailer on Wednesday, but details of the incident did not emerge until Saturday.
Carphone Warehouse said the IT systems of a division that operates the OneStopPhoneShop.com, e2save.com and Mobiles.co.uk websites had been targeted in the attack. The same division also provides “a number of services” to iD Mobile, TalkTalk Mobile, Talk Mobile and to some Carphone Warehouse customers.
The retailer said it “took immediate action to secure these systems” once the cyber-attack had been discovered.
Currys and PCWorld and the vast majority of Carphone Warehouse customer data is held on separate systems and has not been accessed during this incident.
Carphone Warehouse added it had put “additional security measures in place” and has launched an investigation into the incident.
It is contacting all customers who may have been affected by the breach. Consumers are being urged to contact Action Fraud on 0300 123 2040 for further help and advice.
Dixons Carphone chief executive Seb James said: “We take the security of customer data extremely seriously, and we are very sorry that people have been affected by this attack on our systems. We are, of course, informing anyone that may have been affected, and have put in place additional security measures.”
A spokesman for the Information Commissioner’s Office said: “We have been made aware of an incident at Carphone Warehouse and are making enquiries.”