Today Dixons Carphone announced its data breach hit 10 million customers, nearly ten times the original estimate of those affected.
When the breach was first reported in June, the electronics retailer estimated the attack to involve unauthorised access to 1.2 million personal records.
Now, the owner of PC World and Carphone Warehouse has revealed that around 10 million records containing personal data were accessed.
According to Mark McClain, CEO and Co-Founder at SailPoint, the unfortunate news about the true extent of the Dixons Carphone hack demonstrates that consumer data breaches can and do impact corporate security and business operations, well beyond the embarrassment factor.
“Once again, hackers targeted users, compromising their login credentials to gain access; this signifies that humans truly are the new security perimeter today and organisations need to better address this with an identity governance programme firmly in place,” says McClain.
“Further, the fact that this particular incident went months and months without being discovered indicates that, in addition to identity governance, Dixons would have benefitted from having an identity analytics solution in place to monitor for abnormal behaviour by these users who, ultimately, had been compromised. Without monitoring for abnormal behaviour, it is difficult for a company to detect a breach, or accurately calculate its extent, which is the first step to preventing any further damage to the business and its customers.”
Protecting employers & data
Research shows that employees reuse passwords across both work and personal accounts, creating an easy way for hackers to gain access to corporate accounts when personal accounts that share login credentials are breached.
“Security teams should conduct their own research around the exposed credentials, to determine not only if their employees’ emails or passwords are exposed, but also their customers’ emails. If customers’ employees use the same password for work and personal accounts, then those customers’ systems could also be compromised by hackers. As you can see, this can create quite a ripple effect,” adds McClain.
He also notes that, ultimately, enterprises must remain vigilant in how they prepare and respond, as well as how they protect their employees, data, infrastructure, and the data they manage on behalf of customers and partners.
Written by Leah Alger