Recently, Dixons Carphone disclosed that an investigation regarding a massive data breach has discovered that personal information that belonged to approximately 10 million of its customers may have been accessed in 2017. The figure is almost 10 times as much as the number that was initially thought.
When the company initially reported the said breach last June, the electronics retailer had estimated the attack that involved the unauthorised access to around 1.2 personal records. It said that there were no signs of any fraud were discovered.
The chief executive of the company, Alex Baldock, stated: “Since our data security review uncovered last year’s breach, we’ve been working around the clock to put it right. That’s included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we’re updating on today.”
He added: “Again, we’re disappointed in having fallen short here, and very sorry for any distress we’ve caused our customers. I want to assure them that we remain fully committed to making their personal data safe with us.”
The firm said that records containing personal information including names, email addresses or addresses had been accessed, however, no financial information were accessed during the said breach. It is communicating to its customers to issue an apology for the data breach, however, it is not planning to pay any compensation as there is no evidence that anyone has experienced any kind of financial loss due to the incident.
Dixons stated: “While there is now evidence that some of this data may have left our systems, these records do not contain payment card or bank account details and there is no evidence that any fraud has resulted.”
The company is conducting an investigation in cooperation with the National Cyber Security Centre, a branch of GCHQ, the intelligence and security service of Britain.
However, the retailer did not provide an update regarding a separate investigation into the unauthorised access to 5.9 million of the cards of the customers of Dixons Carphone. It said that it was nearing completion and there were also no signs of fraud.
Dixons said that it had put additional security measures in place in order to prevent future cyber-attacks following the breach, which was considered to be one of the largest data breaches at a single company.
Dixons Carphone has said that the data breach occurred in 2017 before the new European General Data Protection Regulation rules were imposed.
Under the earlier Data Protection Act, the maximum fine imposed would be £500,000. On the other hand, under the new GDPR rules, companies could face a maximum of €20m (£17.6m) or 4 percent of global turnover, whichever is the higher.