Our Blog

Carphone Warehouse customer data breach investigated

  • Image
  • 0

The UK’s data watchdog is “making inquiries” after Carphone Warehouse said the personal details of up to 2.4 million of its customers may have been accessed in a cyber-attack. The attack was discovered on Wednesday, and made public on Saturday.

The encrypted credit card details of up to 90,000 people may have been accessed, the mobile phone firm said. The Information Commissioner’s Office, which examines data breaches, confirmed it was aware of the incident.

Carphone Warehouse says the data could include names, addresses, dates of birth and bank details and it is contacting all those affected.

What can those affected do?

* Notify your bank and credit card company, so they can monitor activity on your account
* Change your password for your online account
* Check your account for any suspicious or unexpected activity
* Be wary of anyone calling asking for personal information, bank details or passwords
* Visit Experian, Equifax or Noddle to check your credit rating to make sure no one has applied for credit in your name

Those who think they have been the victim of fraud should contact Action Fraud on 0300 123 2040.

Carphone Warehouse said the “sophisticated” cyber-attack, which happened in the past two weeks, was stopped “straight away” after it was discovered on Wednesday afternoon.

The affected division of the company operates the websites OneStopPhoneShop.com, e2save.com and Mobiles.co.uk, and provides services to iD Mobile, TalkTalk Mobile, Talk Mobile and some Carphone Warehouse customers.

The retailer’s owner, Dixons Carphone, has apologised for the attack and said additional security measures have been brought in. It has also taken the affected websites down.

Upset and scared

Carphone Warehouse customer Kerri, from Petersfield, in Hampshire, said she believed her email address had been hacked, and “things stolen”, since the breach.

“I am extremely upset as well as worried and scared,” she said. “Firms like Carphone Warehouse need to be held accountable for security breaches.”

Some customers complained they should have been made aware when the breach was first detected.

Technology analyst Tom Cheesewright said the company may have been trying to assess the level of damage before making the announcement. “I don’t think we’ll know until the Information Commissioner’s Office looks at this – whether they did the right thing, whether they were prudent in waiting a few days.” he added.

Ready market

He said it was likely the data would be sold on. “There’s a ready market in this sort of information. You might pay £5-10 for one set of credit card details, maybe twice that for a full identity,” he said. The details may then be used to shop or take out loans: “It’s a very good start for a full case of identity theft.”

He urged customers to watch for – and report – any suspicious activity on their bank accounts or credit reports.

A spokesman for the Information Commissioner’s Office said: “We have been made aware of an incident at Carphone Warehouse and are making enquiries.”

The Metropolitan Police said its Cyber Crime Unit had been notified of the breach by Carphone Warehouse but no formal allegation of a crime had been made.

The Met said it had not had any reports of fraudulent banking activity.

Source: BBC
http://www.bbc.com/news/uk-33840327

Tags:

This is a unique website which will require a more modern browser to work! Please upgrade today!