5.9 million hit by Dixon Carphone breach – delay in detection unacceptable

Dixons Carphone has admitted a huge data breach involving 5.9 million payment cards and 1.2 million personal data records. It is investigating the hacking attempt, which began in July last year. Dixons Carphone said it had no evidence that any of the cards had been used fraudulently following the breach.


Commenting on the story is Javvad Malik, security advocate at AlienVault:


Details are still emerging on the latest breach in which it appears as if many personal records were compromised.

It appears as if the breach occurred prior to GDPR coming into force, which may prevent the ICO from imposing GDPR standards. But it is concerning that it appears to have taken many months before the breach was in fact detected by the company.

Breaches can be considered a cost of digital business. It shouldn’t come as a surprise when attackers try to access a system. However, threat detection controls should be in place that can at least detect when an attack does occur so that the appropriate remedial actions can be taken. 

In this day and age, for large companies that hold millions of customer records, waiting months before a breach is even detected should not be acceptable.