Currys PC World admits massive data breach involving millions of cards and personal records

The owner of Currys PC World has admitted that millions of bits of data have been compromised in a cyber attack on the company, which is now called Dixons Carphone. 

More than 5.9 million card records used in Currys PC World and Dixons Travel stores have been accessed. The company doesn't mention any breaches having taken place with data from Carphone Warehouse stores. 

Most of these - some 5.8 million - are UK or EU issued cards and have chip and pin protection. PINs have obviously not been disclosed as these are not kept with a card record.

Dixons Carphone says that "The data accessed...contains neither pin codes, card verification values (CVV) nor any authentication data" so it would be difficult to make a purchase with this card info. 

However, we'd surmise from that statement that card numbers and expiry dates are known to the perpetrators. 

Worryingly, 105,000 cards from non-EU countries have also been compromised and these do not have chip and pin protection. It's likely that these were primarily used in Dixons Travel stores at airports. 

Dixons Carphone says it has no evidence of any fraud having taken place as a result of the breach but it must be said that it would be easier to use this data to make purchases if it fell into the wrong hands. 

Also worrying is that the company's investigation found 1.2m records containing non-financial personal data, such as name, address or email address, have been accessed. The company makes no mention of what area of the organisation these records pertain to. 

In a statement, Dixons Carphone says it has "no evidence that this information has left our systems or has resulted in any fraud at this stage. We are contacting those whose non-financial personal data was accessed to inform them, to apologise, and to give them advice on any protective steps they should take."

Chief executive Alex Baldock added: "The protection of our data has to be at the heart of our business, and we’ve fallen short here. We’ve taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously."

Dixons Carphone is Europe's leading electrical and phone retailer, employing over 42,000 people in eight countries.

Carphone Warehouse was fined around £400,000 by the ICO (Information Commissioner's Office) for a breach in 2015. The breach occurred around a year after it merged with Dixons Retail to form Dixons Carphone. 

Now check out: 5 ways to ensure your passwords are always safe