Dixons Carphone have recently confirmed a huge data breach involving 5.9 million card payments and 1.2 million personal data records. An investigation is underway, which began in July 2017, and questions have been asked of the company as to why it has taken so long to publicly confirm the incident. The electronics retailer has confirmed that the relevant card companies have been informed; however, Dixons Carphone say they have had no evidence that any of the cards affected by the hacking had been used fraudulently following the breach.
Dixons Carphone confirmed 5.8 million targeted card payments were protected by chip-and-pin, but that around 105,000 non-EU cards without chip-and-pin protection were compromised. It is believed the hackers tried to gain access to one of the processing systems of Currys PC World and Dixons Travel stores.
Of the 1.2 million personal data records that the hackers had unauthorised access to, only non-financial personal data such as name, email address and home address has been accessed. It is not believed that financial information used to make purchases, such as PIN codes, has been accessed.
The chief executive of Dixons Carphone said he was “extremely disappointed” by the data breach and “sorry for any upset”.
“The protection of our data has to be at the heart of our business and we’ve fallen short here,” he added.
Thankfully for Dixons, the incident happened before the new GDPR rules came into force, which now include much bigger fines. Under previous data protection rules, which the company will be subject to due to the timing of the breach, the maximum imposable fine is £500,000. However, under the new EU regulations, companies can be fined up to £17.6 million for a major data breach. Beyond the fines, though, a data breach can seriously impact a business, with its customers, clients and employees losing trust in its ability to protect their personal data.
HPC are currently offering a GDPR consultancy package which will give your business the tools it needs to be compliant with the new regulations. If you are interested in this package, or have any other questions regarding GDPR or would like support or guidance, please get in touch with a member of the HPC team.
Phone: 0844 800 5932