The hackers gained access to the names, addresses, dates of birth, andbank details of 2.4 million customers as well as access to 90,000 encrypted credit card details. Carphone Warehose, which is owned by Dixons Carphone, said the “vast majority” of customers were not impacted in the breach; however, customers of OneStopPhoneShop.com, e2save.com, Mobiles.co.uk, and TalkTalk Mobile were possibly affected as well.
After the incident Carphone notified its victims, cautioning them to beware of unsolicited calls requesting personal information, passwords or bank details. They also advised customers to conduct the following:
- Notify your bank and credit card companies of the incident so they can monitor your account for any suspicious activity
- Change your password for your account
- Check your credit rating to ensure no one has opened an account in your name using one of the following services: Experian and Equifax
- If you have fallen victim to fraud, report it to Fraud Act
Carphone Warehouse announced that the incident, perpetrated a few weeks ago, was immediately stopped after its discovery on Wednesday. Carphone launched a forensic investigation to find the culprits.
Despite these efforts we strongly caution users to follow the tips above in addition to being wary of phishing emails. Phishing emails are the most commonly used techniques by cybercriminals tocompromise systems and gain access to target systems, both for consumers as well as corporations. Attackers can use the sensitive information from Carphone Warehouse as a platform to launch other phishing attacks to target victims.
We advise users to be extremely cautious when receiving emails, especially from unsolicited messages or from unknown sources. It’s advised not to open the messages, click on any URLs or open attachments as they could be programmed to redirect you to harmful sites or install malicious software directly into your machine.
The official statement by Carphone Warehouse can be found on Dixons Carphone's website, where the company issued a public statement on Saturday, August 8.
Data Protection Vendor Evaluation Toolkit
The toolkit contains an RFI-RFP criteria template and a corresponding vendor evaluation scorecard.
Related ArticlesFriday Five: 9/6 Edition
iPhone hacking levels up, military veterans targeted in an identity fraud scam, and more - catch up on the week's biggest stories with the Friday Five!Judge not the breach, but the response
Two incidents from the week’s news show how breach response – not breaches themselves – are becoming the yardstick by which companies are measured.Transparency Trolling: The Problem with Dumping Public Records
Does former Florida governor and presidential hopeful Jeb Bush's release of e-mail constitute a data leak?