ELECTRONICS RETAILER Dixons Carphone (DCP) has announced a breach in its systems that is said to have exposed the personal information of up to six million people.
The company, which trades under names including Currys PC World, Carphone Warehouse and Dixons Travel, says that two separate incidents have led to the theft of around 1.2 million general user data files and a whopping 5.9 million card details.
Dixons says it doesn't believe that the attackers have anything like the amount of data required to use the cards fraudulently. Of the 5.9 million card details stolen, 5.8 million are said to have chip and pin protection, and no CVV data (the last three digits on the back of the card) was taken.
The remaining 105,000 cards are non-EU issued, and these will be vulnerable to fraud. Dixons Carphone says it has contacted the relevant banks.
The GDPR rules, which came into effect last month, will see the company liable to significant fines for failing to secure data, representing the first major screw-up under the new laws.
Dixons Carphone chief executive Alex Baldock said: "We are extremely disappointed and sorry for any upset this may cause. The protection of our data has to be at the heart of our business, and we've fallen short here. We've taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.
"We are determined to put this right and are taking steps to do so; we promptly launched an investigation, engaged leading cybersecurity experts, added extra security measures to our systems and will be communicating directly with those affected. Cybercrime is a continual battle for business today and we are determined to tackle this fast-changing challenge."
Dixons Carphone will be contacting the 1.2 million people who have had their personal data breached and says it has already plugged the hole in its systems.
The company was attacked similarly less than three years ago, when 2.4 million people had their info scuppered, mostly through sub-brands like Mobiles.co.uk and MVNO phone companies like iD Mobile. µ