Dixons Carphone has revealed a major data breach involving unauthorised access to 1.2 million of its customers’ personal records and 5.9 million payment cards.
The breach included customers names, addresses and emails being illegally accessed, although there is no sign of fraud as of yet.
Of the payment cards, authentication data was accessed, meaning purchases could not be made, and 105,000 were leaked because of not being chip and pin protected.
General Data Protection Regulations
The hack was discovered last week, although it took place before the new General Data Protection Regulations (GDPR) came to light on the 25 May 2018; causing it to be the first major breach to be announced since – click here to ensure you’re GDPR compliant.
In terms of the new GDPR being breached, major companies can, potentially, face fines of up to EU€20million, or 4% of its global annual turnover.
Luckily, the breach occurred before the new GDPR came into force, suggesting that the company has dodged the steep fines it would have received if the data was leaked after the new GDPR date.
Extra security measures
Over the coming days, the company will be apologising to customers whose personal information has been breached, as well as give them advice on keeping their personal data safe and secure.
The company’s new Chief Executive, Alex Baldock, said the company has “engaged cybersecurity experts to handle the matter, adding extra security measures to its systems”, according to The Guardian.
Following the data breach being announced, shares in Dixons Carphone also fell by 5.5%.
The cyber attack culprits are yet to be identified.
Written by Leah Alger