Dixons Carphone Data Breach - Now Up to 10 Million Customer Records

Although this is a pre-GDPR data breach, on 31st July 2018 Dixons announced an update to the breach they identified in June.

When the breach was first announced on 13th June, the figure given was 1.2 million customer records, but following further investigation it now appears to have affected approximately 10 million records.


Admitting that personal data has left their systems, Dixons are reassuring customers that these records do not contain payment card or bank account details.

Dixons say that further security measures are now in place to safeguard customer information, and that they are increasing their investment in cyber security.

The announcement from Dixons is available here.

Read more:
BBC - Dixons Carphone says data breach affected 10 million
The Register - Dixons Carphone: Yeah, so, about that hack we said hit 1.2m records? Multiply that by 8.3

Comments

  1. email from Dixons - 14/08/2018

    Dear Customer

    On June 13, we began to contact a number of our customers as a precaution after we found that some of our security systems had been accessed in the past using sophisticated malware.

    We promptly launched an investigation. Since then we have been putting further security measures in place to safeguard customer information, increased our investment in cyber security and added additional controls. In all of this we have been working intensively with leading cyber security experts.

    Our investigation, which is now nearing completion, has identified that approximately 10 million records containing personal data may have been accessed in 2017. This unauthorised access to data may include personal information such as name, address, phone number, date of birth and email address.

    While there is now evidence that some of this data may have left our systems, these records do not contain payment card or bank account details and we have no confirmed instances of customers falling victim to fraud as a result. We are continuing to keep the relevant authorities updated.

    As a precaution, we are letting our customers know to apologise and advise them of protective steps to take to minimise the risk of fraud. These include:
    - If you receive an unsolicited email, letter, text or phone call asking for personal information, never reveal any full passwords, login details or account numbers until you are certain of the identity of the person making the request. Please do not click on any links you do not recognise.
    - If you think you have been a victim of fraud you should report it to Action Fraud, the UK’s national fraud and internet crime reporting centre, on 0300 123 2040*.
    - We also recommend that people are vigilant against any suspicious activity on their bank accounts and contact their financial provider if they have concerns.
    - You can find more information here

    We take the security of your data extremely seriously and have previously announced that we have taken action to close off this access and have no evidence it is continuing. Nevertheless, we felt it was important to let customers know as soon as possible.

    We continue to make improvements and investments to our security systems and we’ve been working round the clock to put this right. We’re extremely sorry about what has happened – we’ve fallen short here. We want to reassure you that we are fully committed to protecting your data so that you can be confident that it is safe with us.

    Yours sincerely,

    Antreas Athanassopoulos
    Dixons Carphone Chief Customer Officer
