BreachExchange mailing list archives

Carphone Warehouse in customer data breach


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 10 Aug 2015 18:35:28 -0600

http://www.bbc.com/news/uk-33835185

Personal details of up to 2.4 million Carphone Warehouse customers may have
been accessed in a cyber-attack, the mobile phone retailer says.

Up to 90,000 customers may also have had their encrypted credit card
details accessed, it said in a statement.

While the "vast majority" of Carphone Warehouse customers are unaffected,
the breach does concern some of the company's separately managed divisions.

The retailer's owner, Dixons Carphone, said it was very sorry for the
attack.

The affected part of the company operates the OneStopPhoneShop.com,
e2save.com and Mobiles.co.uk websites.

It also provides services to iD Mobile, TalkTalk Mobile, Talk Mobile and
some Carphone Warehouse customers.

Sebastian James, chief executive of Dixons Carphone, said: "We are, of
course, informing anyone that may have been affected, and have put in place
additional security measures.

"We take the security of customer data extremely seriously, and we are very
sorry that people have been affected by this attack on our systems."

Carphone Warehouse said it was informing all customers who may have been
affected of the breach.

It will also advise affected individuals on how to reduce the risk of
further consequences arising from the data leak.

What can those affected do?

- Notify your bank and credit card company, so they can monitor activity on
your account
- Change your password for your online account
- Check your account for any suspicious or unexpected activity
- Be wary of anyone calling asking for personal information, bank details
or passwords
- Visit Experian, Equifax or Noddle to check your credit rating to make
sure no one has applied for credit in your name

Those who think they have been the victim of fraud should contact Action
Fraud on 0300 123 2040.

Craig Gee-Clough, from Bolton, told the BBC he has been contacted by
mobiles.co.uk about the breach via letter.

"I can't contact the bank until after the weekend so am worried about what
offences can be committed. Fraudsters can do anything with that
information."

He said he is also unhappy about now having to pay to check his credit
files.

The company's investigation found that the data could have included names,
addresses, dates of birth and bank details.

A Carphone Warehouse spokesman said the attack was stopped "straight away"
after it was discovered on Wednesday afternoon.

He also said the breach was likely to have occurred at some point "within
the last two weeks before Wednesday afternoon".

The BBC's Joe Lynam says Carphone Warehouse first became aware of the
problem on 5 August.

"In that time, 72 hours, they will say we need to find the depth of the
breach, but let's say some people do have their cards compromised," he said.

"They will be livid that they weren't told straight away, so they could
cancel those cards."

Talk Talk used to be owned by Carphone Warehouse but is a separate company
- Carphone Warehouse now has contractual ties to it.

But 480,000 Talk Talk Mobile customers are affected by this breach.

Talk Talk later said on Twitter that a "very small number" of customer
passwords accessed in the breach may not have been encrypted, but that the
relevant online accounts had been blocked until those passwords are reset.

Carphone Warehouse took the affected websites down itself, to protect data
once the problem was recognised.

Customer information for Currys and PC World - and the "vast majority" of
Carphone Warehouse - is held on separate systems and was not accessed
during the attack, the company added.

The Information Commissioner's Office, which is the regulator in the area
of personal data, can impose fines of up to £500,000 if a company is found
to have not done enough to protect its customers' personal information.

Dixons Carphone was formed last year by the merger of Carphone Warehouse
and Dixons Retail.

In July it reported a 21% jump in profits in its first annual results since
the merger that created the mobile phone and electrical goods firm.

In the UK and Ireland, where it trades under the Carphone Warehouse, Currys
and PC World names, sales rose by 8%.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
