Dixons Carphone, the parent company behind well-known high-street electronic outlets Currys PC World and the airport-centric Dixons Travel, has warned of a data breach which has compromised 5.9 million payment card details - of which 105,000 cards are not protected by Chip and Pin systems.
Some three years on since its last major data breach Dixons Carphone has warned of the discovery of 'unauthorised access to certain data' during what appears to have been a routine review. While the company has not released details of the nature of the breach - though it has claimed to have 'taken action to close off this access and have no evidence it is continuing' - it has confirmed that the attacker or attackers received access to 5.9 million payment card details and 1.2 million non-payment customer records including name, address, and email address of its Currys PC World and Dixons Travel customers.
'We are extremely disappointed and sorry for any upset this may cause. The protection of our data has to be at the heart of our business, and we’ve fallen short here,' claims Alex Baldock, chef executive at Dixons Carphone, of the breach. 'We’ve taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously. We are determined to put this right and are taking steps to do so; we promptly launched an investigation, engaged leading cyber security experts, added extra security measures to our systems and will be communicating directly with those affected. Cyber crime is a continual battle for business today and we are determined to tackle this fast-changing challenge.'
According to Dixons Carphone's statement to press and investors, the data breach is not thought to have resulted in financial losses for its customers. The bulk of the card details, bar 105,000 cards registered outside Europe, are protected by Chip and Pin and card verification value (CVV) systems which mean that simply having the name, code, and expiry date - as the company appears to have been storing in its system - is not enough to create fraudulent transactions.
The company has confirmed it is contacting all affected customers, and has warned card companies of the breach in order to head off any possible fraudulent activity.