On Saturday 8 August Carphone Warehouse issued a statement to outline a discovery it had made 3 days earlier, which relates to the security of 2.4m customers.
Sophisticated hackers had managed to breach the IT systems of a division of Carphone Warehouse in the UK, the division that operates the websites OneStopPhoneShop.com, e2save.com and Mobiles.co.uk and provides a number of services to iD Mobile, TalkTalk Mobile, Talk Mobile, and to certain customers of Carphone Warehouse.
The UK mobile phone retailer said it took “immediate action” to secure these systems and launched an investigation with a top cyber security firm to determine exactly what data was affected as well as putting in place additional security measures to prevent further attacks.
The investigation indicated that personal data which could include name, address, date of birth and bank details of up to some 2.4m customers may have been accessed as well as encrypted credit card data of up to 90,000 customers. At the time the statement was released, Carphone Warehouse said it, along with its partners, was contacting all those customers who may have been affected to inform them of the breach and to give them advice to reduce any risk and minimise inconvenience. It is understood that Currys and PCWorld and the vast majority of Carphone Warehouse customer data is held on separate systems and had not been accessed during the incident.
Now the UK’s data protection watchdog is investigating the attack and Carphone Warehouse, part of Dixons Carphone after last year’s merger, is insisting that customers check their online accounts and bank statement for any suspicious activity.