Number Affected by Dixons Carphone GDPR Breach Much Higher Than First Thought

It has been revealed that a data breach at Dixons Carphone actually saw the personal data of 10 million people accessed, a much higher number than first indicated.

A statement released by Dixons on Tuesday said: “Our investigation, which is now nearing completion, has identified that approximately 10 million records containing personal data may have been accessed in 2017. While there is no evidence that some of this data may have left our systems, these records do not contain payment card or bank account details and there is no evidence that any fraud has resulted.

“We are continuing to keep the relevant authorities updated. As a precaution, we are choosing to communicate to all of our customers to apologise and advise them of protective steps to minimise the risk of fraud. As we indicated previously, we have taken action to close off this access and have no evidence it is continuing.”

In June Dixons Carphone revealed that 5.9 million customer bank card details and 1.2 million personal data records had been hacked and the group contacted all its customers in the UK and Ireland to inform them of this.

5.8 million of the payment cards targeted were protected by chip and pin. However, around 105,000 non-EU cards which did not have chip and pin protection were impacted. Dixons Carphone added that the relevant card companies had been made aware of the incident. They added that there was no proof of fraud on the cards due to the incident.

Dixons Carphone Chief executive Alex Baldock said: “Since our data security review uncovered last year’s breach, we’ve been working around the clock to put it right. That’s included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we’re updating on today.

“As a precaution, we’re now also contacting all our customers to apologise and advise on the steps they can take to protect themselves. Again, we’re disappointed in having fallen short here and very sorry for any distress we’ve caused our customers. I want to assure them that we remain fully committed to making their personal data safe with us.”