A 2017 breach at one of the largest consumer electronics retailers in Europe might have exposed 10 million records containing personal data.

On 31 July, Dixon’s Carphone issued an “Update on Investigation into Unauthorized Data Access.” The retailer explained in its statement it has reason to believe that unauthorized individuals might have accessed approximately 10 million records containing personal data in 2017. It clarified that these exposed records didn’t contain payment card or banking details. Even so, it found evidence with the help of forensic investigators that some of those records might have left its systems.

Dixons Carphone Chief Executive Alex Baldock explained in the statement that the company is focused on helping protect victims:

Since our data security review uncovered last year’s breach, we’ve been working around the clock to put it right. That’s included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we’re updating on today. As a precaution, we’re now also contacting all our customers to apologise and advise on the steps they can take to protect themselves.

This statement came less than two months after Dixon’s Carphone released a notice disclosing an instance of unauthorized data access. That incident, which is the same event discussed in the company’s updated notice, involved an attempt to expose 5.9 million payment cards, 5.8 million of which had chip and pin protection, as well as 1.2 million data records containing personal information. At the time, the retailer said it had no evidence that any data had left its systems and indicated it would be contacting affected customers soon.

The update also came more than half a year after the United Kingdom’s Information Commissioner’s Office (ICO) imposed (Read more...)