Carphone Warehouse Hack Leads to Data Breach of 2.4 Million Users
British mobile retailer Carphone Warehouse has admitted that hackers have breached their IT systems, resulting in the data leak of some 2.4 million customers.
Hackers have gained access to the personal details of up to 2.4 million Carphone Warehouse customers as a result of a cyber-attack targeting the British mobile retailer, according to a report in the BBC.
A statement from the company revealed that an IT network belonging to one of the many online divisions of the firm was targeted in a “sophisticated cyber-attack” that took place within the last two weeks.
The company also admitted that millions of customers’ personal information may be compromised. The personal information includes names, dates of birth, addresses and bank details. Crucially, up to 90,000 customers of the 2.4 million may have also had their encrypted credit card details accessed, the company noted in a statement.
“We take the security of customer data extremely seriously, and we are very sorry people have been affected by this attack. We are, of course, informing anyone that may have been affected, and have put in place additional security measures,” said Sebastian James, the chief executive of Dixons Carphone which owns Carphone Warehouse.
The company has hired a cybersecurity firm specializing in digital forensics with experts investigating the breach.
Another Massive Breach, Across the Pond
The company stressed that an email has been sent out to anyone who may be affected by the hack, notifying and recommending customers to look for suspicious activity in their financial account and asking them to notify their bank.
Security lecturer and expert Alan Woodward summed up the significance of the data breach, saying:
“In terms of UK firms, this attack is one of the biggest ever attacks we’ve seen in the last few years. British firms are increasingly a target after the big hacks in America of Target and EBay.”
Following a $5.8 billion merger, Dixons Carphone which owns Carphone Warehouse also incorporates PC World and Currys. The parent company was quick to confirm that the majority of data stored from Carphone Warehouse is held on separate systems to that of Currys and PC World, adding that the latter companies weren’t compromised in the hack.
While the malicious hackers operating behind the hack are yet unknown, Woodward has a theory on how the hack may have transpired.
“I wouldn’t be surprised if this was a relatively simple attack that conned the username and password out of somebody. The human is often the weak link, no matter how good the software is,” he concluded.
Images from Wikipedia.