The personal details of up to 2.4 million Carphone Warehouse customers have been accessed by hackers, the mobile phone firm has admitted.
According to a statement from the firm the IT network of one of the firm’s online divisions, was the victim of a “sophisticated cyber-attack” within the last two weeks.
It confessed that the personal information of millions of customers – including bank details, addresses, names and dates of birth – may have been access by hackers.
Labelling the operation a “sophisticated cyber-attack,” Carphone Warehouse also said that 90,000 customers’ credit card details may have been accessed by the hackers.
"We take the security of customer data extremely seriously, and we are very sorry that people have been affected by this attack on our systems," Sebastian James, group chief executive of Dixons Carphone, said in a statement.
"We are, of course, informing anyone that may have been affected, and have put in place additional security measures," he added.
The firm has sent an email to anyone who may be affected by the hack, alerting them that they should notify their bank and check for any suspicious activity on their account.
Alan Woodward, an adviser to the EU’s law enforcement agency Europol and a visiting cyber security lecturer at Surrey University, told The Independent: “In terms of UK firms, this attack is one of the biggest ever attacks we’ve seen in the last few years. British firms are increasingly a target after the big hacks in America of Target and Ebay.
“Thankfully it seems that Carphone Warehouse has encrypted the most sensitive bank and credit card information, but this is a reminder that hackers are targeting personal information and a warning to firms that they should act to encrypt and protect more of our personal data.”
The hacked IT division also reportedly operates websites OneStopPhoneShop.com, e2save.com and Mobiles.co.uk, as well as providing services to TalkTalk Mobile, Talk Mobile and to the newly launched iD mobile network.
Carphone Warehouse, which is owned by Dixons Carphone following a £3.7bn merger, also incorporates Currys and PC World, but the parent firm said that majority of Carphone Warehouse data and that of Currys and PC World is held on separate systems and was not compromised during the attack.
Mr Woodward said that while it was too early to speculate, the most likely cause of the attack would be a so-called “spear fishing attack”, where hackers specifically targetted Carphone Warehouse’s system administrators. He said: “I wouldn’t be surprised if this was a relatively simple attack that conned the user name and password out of somebody. The human is often the weak link, no matter how good the software is.”