Dixons Carphone has revealed a major data breach involving unauthorised access to 1.2 million of its customers’ personal records and 5.9 million payment cards.
The breach included customers names, addresses and emails being illegally accessed. Despite this, there is no sign of fraud as of yet.
Of the payment cards, authentication data was accessed, meaning purchases could not be made. This led to 105,000 cards being leaked because of not being chip and pin protected.
General Data Protection Regulations
The hack was discovered last week. It took place just before the new General Data Protection Regulations (GDPR) came to light on the 25 May 2018; causing it to be the first major breach to be announced since – click here to ensure you’re GDPR compliant!
In terms of the new GDPR being breached, major companies can, potentially, face fines of up to EU€20million, or 4% of its global annual turnover.
Luckily, the breach occurred before the new GDPR came into force, suggesting that the company has dodged the steep fines it would have received if the data was leaked after.
Extra security measures
Over the coming days, the company will be apologising to customers whose personal information has been breached, as well as give them advice on keeping their personal data safe and secure.
According to the company’s new Chief Executive, Alex Baldock, “the company has engaged cybersecurity experts to handle the matter, adding extra security measures to its systems.”
Following the data breach, shares in Dixons Carphone also fell by 5.5%.
The culprits are yet to be identified.
Written by Leah Alger