Carphone Warehouse admits up to 2.4 million customers affected by data breach

Stolen data may include credit card data and sensitive information used in identity theft.

Anatoliy Babiy | Malwarebytes

Carphone Warehouse admitted over the weekend that a catastrophic data breach has potentially led to the theft of unencrypted, sensitive data belonging to up to 2.4 million customers.

On Saturday, the UK-based mobile device retail giant released a statement indicating that both its websites and Internet services were penetrated by hackers in a "sophisticated cyberattack" discovered last Wednesday.

A follow-up investigation suggested that "personal data which may include name, address, date of birth and bank details of up to 2.4 million customers may have been accessed."

In addition, encrypted credit card information belonging to up to 90,000 customers may have been stolen.

While the "vast majority" of customers have not been affected by the data breach, 2.4 million customers now are in the process of being informed their data may have been stolen -- and as a result, could end up in the underground for sale. The company is contacting those impacted with advice on additional steps to take.

See also: Diving into the Dark Web: Where does your stolen data go?

The segment of Carphone Warehouse which has been affected operates OneStopPhoneShop.com, e2save.com and Mobiles.co.uk, and also provides Internet services to TalkTalk Mobile, Talk Mobile and the relatively new iD Mobile network.

Sebastian James, chief executive of Dixons Carphone said:

"We are, of course, informing anyone that may have been affected, and have put in place additional security measures.

We take the security of customer data extremely seriously, and we are very sorry that people have been affected by this attack on our systems."

Carphone Warehouse is working with an unnamed security firm as part of the investigation.

According to the BBC, UK data regulator the Information Commissioner's Office (ICO) is "making inquiries" into the data breach.

If you think you may have been affected, notify your bank and any credit card companies you're signed up for, so you are made aware of any unusual activity on your account. Using third-party credit score monitors such as Experian can also help, as does changing passwords on your customer accounts and keeping an eye on your financials for any unauthorised changes.

Read on: Top picks

In pictures:

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All