GCHQ to investigate Dixons Carphone payment cards breach

Dixons Carphone data breach

An arm of GCHQ is now working with Dixons Carphone on mitigation measures after a major privacy data breach that was revealed yesterday.

The National Cyber Security Centre (NCSC) has said it was working alongside the retailer and other agencies – such as the Information Commissioner’s Office and Financial Conduct Authority – regarding the cyber attack on 5.9 million payment card details and 1.2 million personal data records.

The cyber attack was reportedly caused by an advanced computer virus – or malware – which penetrated processing systems at Currys PC World and Dixons Travel stores.

According to The Telegraphthe breach happened in July last year but it was only discovered last week after a review of Dixon Carphone’s systems.

“Anyone concerned about fraud or lost data should contact Action Fraud and we recommend that people are vigilant against any suspicious activity on their bank accounts,” the NCSC said.

Although the breach was discovered over the past week, the fact it occurred within the last year – before the new European General Data Protection Regulation (GDPR) rules came into effect on May 25 – a the maximum possible fine imposed would be £500,000.

However, under the new GDPR rules, Dixons Carphone would be fined up to four per cent of its annual global revenue, which is estimated to be around £423 million.

Dixons Carphone yesterday said it had brought in cyber-security experts to investigate the data breach and implemented extra security measures across its systems.

It stressed that it detected no attempts to defraud the leaked cards and had contacted the relevant card companies, alongside the police and relevant authorities.

“We are extremely disappointed and sorry for any upset this may cause,” chief executive Alex Badock said yesterday.

“The protection of our data has to be at the heart of our business, and we’ve fallen short here.

“We’ve taken action to close off this unauthorised access and, though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.”

Click here to sign up to Retail Gazette‘s free daily email newsletter

Leave a Reply

Your email address will not be published. Required fields are marked *