Millions of customers’ card details and personal records have been hacked at Dixons Carphone, and the retailer could now face a significant fine if security failings are found.
Nearly six million customers’ bank card details have been illegally accessed at the retailer, alongside 1.2 million personal data records.
Though 5.8 million card details accessed are PIN-protected according to the retailer, 105,000 cards from outside of the EU without PIN protection have been accessed.
A further 1.2 million customers’ personal data has been accessed, including names, addresses and email details.
Dixons Carphone said it has brought in cyber-security experts to investigate the data breach and has put extra security measures in place across its systems.
It stressed that it detected no attempts to defraud the leaked cards and had contacted the relevant card companies, alongside the police and relevant authorities.
“We are extremely disappointed and sorry for any upset this may cause,” said Alex Badock, who took the helm at the technology retailer in January.
“The protection of our data has to be at the heart of our business, and we’ve fallen short here.
“We’ve taken action to close off this unauthorised access and, though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.”
Shares fell by up to three per cent in morning trading, and Dixons Carphone could now face a significant fine over from the Information Comissioner’s Office (ICO) if security failings are found.
This is understood to be one of the largest data breaches in recent history and follows the recent implementation of general data protection regulation (GDPR).
A major part of this legislation was ensuring the security of personal data.
According to Collyer Bristow’s head of intellectual property and data protection Patrick Wheeler, the ICO may look to make an example of companies like Dixons Carphone, which have a good understanding of technology, if failings are discovered.