The hackers gained access to the names, addresses, dates of birth, andbank details of 2.4 million customers as well as access to 90,000 encrypted credit card details. Carphone Warehose, which is owned by Dixons Carphone, said the “vast majority” of customers were not impacted in the breach; however, customers of OneStopPhoneShop.com, e2save.com, Mobiles.co.uk, and TalkTalk Mobile were possibly affected as well.
After the incident Carphone notified its victims, cautioning them to beware of unsolicited calls requesting personal information, passwords or bank details. They also advised customers to conduct the following:
- Notify your bank and credit card companies of the incident so they can monitor your account for any suspicious activity
- Change your password for your account
- Check your credit rating to ensure no one has opened an account in your name using one of the following services: Experian and Equifax
- If you have fallen victim to fraud, report it to Fraud Act
Carphone Warehouse announced that the incident, perpetrated a few weeks ago, was immediately stopped after its discovery on Wednesday. Carphone launched a forensic investigation to find the culprits.
Despite these efforts we strongly caution users to follow the tips above in addition to being wary of phishing emails. Phishing emails are the most commonly used techniques by cybercriminals tocompromise systems and gain access to target systems, both for consumers as well as corporations. Attackers can use the sensitive information from Carphone Warehouse as a platform to launch other phishing attacks to target victims.
We advise users to be extremely cautious when receiving emails, especially from unsolicited messages or from unknown sources. It’s advised not to open the messages, click on any URLs or open attachments as they could be programmed to redirect you to harmful sites or install malicious software directly into your machine.
The official statement by Carphone Warehouse can be found on Dixons Carphone's website, where the company issued a public statement on Saturday, August 8.
Data Protection Vendor Evaluation Toolkit
The toolkit contains an RFI-RFP criteria template and a corresponding vendor evaluation scorecard.
Related ArticlesFriday Five: 9/20 Edition
A popular password manager fixes a bug, a 20 million person breach, and more - catch up on the week's infosec and privacy news with this week's Friday Five!46 Million Person Airline Breach Caused by Ex-Contractors
It appears this summer's 46-million-person breach at a Southeast Asian airline carrier wasn’t caused by a misconfigured bucket but by two ex-staffers at a contracting firm.Friday Five: 12/7 Edition
Can the blockchain stop phishing? Are all of these data breaches scorning users? This week's Friday Five attempts to answer those questions and more.