The hackers gained access to the names, addresses, dates of birth, and bank details of 2.4 million customers as well as access to 90,000 encrypted credit card details. Carphone Warehouse, which is owned by Dixons Carphone, said the “vast majority” of customers were not impacted in the breach; however, customers of OneStopPhoneShop.com, e2save.com, Mobiles.co.uk, and TalkTalk Mobile were possibly affected as well.
After the incident Carphone notified its victims, cautioning them to beware of unsolicited calls requesting personal information, passwords or bank details. They also advised customers to do the following:
- Notify your bank and credit card companies of the incident so they can monitor your account for any suspicious activity
- Change your password for your account
- Check your credit rating to ensure no one has opened an account in your name using one of the following services: Experian and Equifax
- If you have fallen victim to fraud, report it to Fraud Act
Carphone Warehouse announced that the incident, perpetrated a few weeks ago, was immediately stopped after its discovery on Wednesday. Carphone launched a forensic investigation to find the culprits.
Despite these efforts, we strongly caution users to follow the tips above in addition to being wary of phishing emails. Phishing emails are the technique most commonly used by cybercriminals to compromise and gain access to target systems, both for consumers and for corporations. Attackers can use the sensitive information from Carphone Warehouse as a platform to launch other phishing attacks to target victims.
We advise users to be extremely cautious when receiving emails, especially unsolicited messages or messages from unknown sources. It’s advised not to open the messages, click on any URLs or open attachments, as they could be programmed to redirect you to harmful sites or install malicious software directly onto your machine.
The official statement by Carphone Warehouse can be found on Dixons Carphone's website, where the company issued a public statement on Saturday, August 8.