Dixons Carphone Breached

Dixons Carphone has admitted a huge data breach involving 5.9 million payment cards and 1.2 million personal data records. It is investigating the hacking attempt, which happened last year. Dixons Carphone said it had no evidence that any of the cards had been used fraudulently following the breach.


Please see below for some commentary on this news:


James Hadley, CEO & Founder of Immersive Labs

“Cyber criminals continue to develop and carry out sophisticated attacks on the retail sector where personal data and payment information are often transmitted and stored in unsecure ways. Companies, including those in the retail sector, need to ensure they have both technical solutions and skilled technical staff to reduce risks to acceptable levels.”


Lee Munson, Security Researcher at Comparitech.com

“The breach at Dixons Carphone highlights, yet again, how common attempts at exfiltrating personal data and payment card information have become.

What is worrying here is the delay between the breach occurring last year and the disclosure today. Whether or not that was down to the company not being aware until now is unclear. Thankfully, under GDPR, non-disclosure for business reasons is no longer possible as the ICO must be informed within 72 hours whenever possible.

Whatever the case, a breach of this size is likely to affect Dixons Carphone at a time when it is ill-prepared for the consequences. Typically, a business will see its share price fall on the back of a breach before recovering in the longer-term. In this instance, the fragility of the company may mean that the short-term dip will prove to be fatal.

Of more concern is the affect this could have on the chain’s customers, millions of whom have had their personal or payment card information leaked.

Dixons Carphone says there is no evidence of fraudulent payments being made with the stolen cards but affected customers would be well advised to keep an eye on their bank and credit card statements in case of rogue payments being taken.

Where personal information has been swiped, victims should be doing the same while also keeping a keen eye on their credit reports, in case of identity theft.”