Carphone Warehouse data breach affects millions of phone customers

Hackers have breached the personal data of up to 2.4 million Carphone Warehouse customers, the technology giant has admitted today. The company – who merged with Dixons to form Europe’s largest electronics retailer last year – said a sophisticated hack allowed hackers to gain access to the systems which power its retail stores as well as its e2save, OneStopPhoneShop and Mobiles.co.uk websites.

The company reached out to affected customers (like myself who has shopped at the latter of the three websites in the past) via email and revealed the attack was discovered on Wednesday. The breach is said to have included names, addresses, date of birth information and back details of up to 2.4 million customers as well as the encrypted credit card data of 90,000 customers.

In its email to affected customers, the company said:

At this stage, our investigation indicates that some of the data held on our systems from customers and people who have previously provided information to the company has been accessed. This may include some of your personal details, including your name, address, date of birth and bank details.

We take the security of your data extremely seriously, and we have put in place additional security measures to prevent further attacks. Nevertheless, we felt it was important to let you know as soon as possible.

Talking to The Telegraph, Dixons Carphone chief executive Sebastian James, said:

We take the security of customer data extremely seriously, and we are very sorry that people have been affected by this attack on our systems . We are, of course, informing anyone that may have been affected, and have put in place additional security measures.

[related_videos title=”Top Phones of 2015:” align=”left” type=”custom” videos=”628891,626236,624837,624818,606876,597711″]He then went on to add that information of customers who have shopped at Dixons’ brands Currys and PC World and the “vast majority” of Carphone Warehouse customer data is housed on separate systems and wasn’t affected by the hack. Looking through social media, customers are naturally outraged at how the UK’s only major independent retailer has let this happen, as well as why it took the company three days to reveal the hack given credit cards details are involved:

Buying a phone via the internet is a fast growing trend in the UK as deals are often cheaper thanks to less overheads but it does come with a security risk; while firms do their best to ensure data is secure, a breach can often lead to the personal data of millions of customers being made available as has transpired here.

If you’re one of the customers affected, there’s a few things you can do to reduce the risk of fraudulent activity:

• Notify your bank and credit card company, so that they can monitor activity on your account
• Checking for suspicious or unexpected online or account activity
• Be wary of anyone calling asking for personal information, bank details or passwords
• Check your credit rating to make sure no one has applied for credit in your name. You can do this by visiting Experian or Equifax

For most customers in the UK, choosing to avoid Carphone Warehouse will significantly limit the number of available choice as – following the sudden collapse of rival Phones4u last September – the company is the only independent retailer on the market and offers the widest range of phone subscriptions and packages.

In the UK, Samsung Experience Stores are also run by Carphone Warehouse and it’s not immediately clear whether those customers have also been affected; we’ve reached out to Samsung and Carphone Warehouse for a comment and will update when we hear back. Did you receive the email (which you can see in full below) letting you know you were amongst those affected? Let us know in the comments below.