Carphone Warehouse hack: 2.4 million customers' details breached after 'cyber-attack'

Hackers may have accessed names, addresses, dates of birth and bank details

Millions of customers have had their details hacked
Millions of customers have had their details hacked

The personal details of up to 2.4 million Carphone Warehouse customers have been accessed by hackers, the mobile phone firm has admitted.

According to a statement from the firm the IT network of one of the firm’s online divisions, was the victim of a “sophisticated cyber-attack” within the last two weeks.

It confessed that the personal information of millions of customers – including bank details, addresses, names and dates of birth – may have been access by hackers.

Labelling the operation a “sophisticated cyber-attack,” Carphone Warehouse also said that 90,000 customers’ credit card details may have been accessed by the hackers.

"We take the security of customer data extremely seriously, and we are very sorry that people have been affected by this attack on our systems," Sebastian James, group chief executive of Dixons Carphone, said in a statement.

"We are, of course, informing anyone that may have been affected, and have put in place additional security measures," he added.

The firm has sent an email to anyone who may be affected by the hack, alerting them that they should notify their bank and check for any suspicious activity on their account.

Alan Woodward, an adviser to the EU’s law enforcement agency Europol and a visiting cyber security lecturer at Surrey University, told The Independent: “In terms of UK firms, this attack is one of the biggest ever attacks we’ve seen in the last few years. British firms are increasingly a target after the big hacks in America of Target and Ebay.

“Thankfully it seems that Carphone Warehouse has encrypted the most sensitive bank and credit card information, but this is a reminder that hackers are targeting personal information and a warning to firms that they should act to encrypt and protect more of our personal data.”

The hacked IT division also reportedly operates websites OneStopPhoneShop.com, e2save.com and Mobiles.co.uk, as well as providing services to TalkTalk Mobile, Talk Mobile and to the newly launched iD mobile network.

Carphone Warehouse, which is owned by Dixons Carphone following a £3.7bn merger, also incorporates Currys and PC World, but the parent firm said that majority of Carphone Warehouse data and that of Currys and PC World is held on separate systems and was not compromised during the attack.

Mr Woodward said that while it was too early to speculate, the most likely cause of the attack would be a so-called “spear fishing attack”, where hackers specifically targetted Carphone Warehouse’s system administrators. He said: “I wouldn’t be surprised if this was a relatively simple attack that conned the user name and password out of somebody. The human is often the weak link, no matter how good the software is.”

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

By clicking ‘Create my account’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in