Dixons Carphone has revealed its estimation of how much the customer data was stolen in the recent disclosed breach by almost nine million records.
The UK retailer has revealed in June that the attackers had accessed almost 1.2 million personal data of Currys PC World and Dixons Travel Store customers. Those hacked data includes names, addresses and email addresses.
However, in the recent statement today it is claimed that almost around 10 million records have been accessed which do includes the personal data in the 2017 incident, whilst has also admitted that “there is now evidence that some of this data may have left our systems.”
However, the high street giant has again pointed out that the compromised records “Which do not contain any payment card or bank account details and there is no evidence that nay fraud has resulted.”
Alongside the 1.2 million records which contains the personal data, the original breach has saw an ‘attempt’ to compromise 5.9 million cards which were held in the systems. Dixons Carphone said that 5.8 million of these has chip and PIN protection and those stolen data of course do not include the pin codes, card verification values (CVV) or any authentication data which is for sure making it more difficult for any attacker to monetize although they are still exposing customers to a serious CNP fraud risk.
“Since our data security review has uncovered last year’s breach, we have been working around the clos to put it right. That’s included closing off the unauthorized access, adding the new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we are updating on today,” said CEO Alex Baldock.
“As a precaution, we are now also contacting all our customer to apologize and advise on the steps they can take to protect themselves. Again, we are disappointed in having fallen short here, and very sorry for any distress we have caused our customers.”
Mark Adams, who is the regional VP for UK & Ireland at Veeam, he argued and worrying that Dixons Carphone got the scale of the breach so wrong.
“These days the public care a lot about how their data is handled and by whom, and they want organizations to be more proactive in managing that data, so the size of the breach is going to translate into a much higher loss than many will imagine,” he added. “With so much competition for business, this will be an expensive breach with a long tail of damage for the organization’s brand and reputation.”