Electronics retailer Dixons Carphone has issued an apology to its customers after data breaches in 2017 allowed unauthorised access to the personal data of over 10 million people.
In a statement, the company said it is contacting all of its customers to apologise and advise them of protective steps to minimise the risk of fraud, but added that there is no “evidence that any fraud has occurred” so far.
The compromised data included names, addresses, phone numbers, dates of birth, marital status and historical payment card details. The Information Commissioner’s Office (ICO) considered that the personal data involved would significantly affect individuals’ privacy, leaving their data at risk of being misused.
Using valid login credentials, intruders were able to access the system via an out-of-date version of WordPress, a widely used content management system for website owners. The ICO said the incident exposed inadequacies in the organisation’s technical security measures, including failure to carry out routine security testing and inadequate measures to identify and remove historic data.
CEO Alex Baldock said: “Since our data security review uncovered last year’s breach, we’ve been working around the clock to put it right. That’s included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we’re updating on today.
“Again, we’re disappointed in having fallen short here, and very sorry for any distress we’ve caused our customers. I want to assure them that we remain fully committed to making their personal data safe with us.”