After investigating a data breach from July last year, Dixons Carphone has announced that hackers were able to access records of 10 million customers, almost eight million more than originally estimated.
Dixons Carphone chief executive Alex Baldock said: “Since our data security review uncovered last year’s breach, we’ve been working around the clock to put it right. That’s included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we’re updating on today.
“Again, we’re disappointed in having fallen short here, and very sorry for any distress we’ve caused our customers. I want to assure them that we remain fully committed to making their personal data safe with us.”
At the time of discovering the breach, the electrical giant believed that the data breach involved 5.9 million payment cards and 1.2 million personal data records.
The hackers behind the data breach have tried to gain access to one of the processing systems of Currys PC World and Dixons Travel stores, according to Dixons Carphone
They were able to access records containing personal data such as names, addresses and email addresses; however, they were not able to access financial information.
The company also added that the investigation into unauthorised access to payment cards is close to completion and there is no evidence of fraud.
Dixons Carphone said in a statement: “While there is now evidence that some of this data may have left our systems, these records do not contain payment card or bank account details and there is no evidence that any fraud has resulted.”
Together with the National Security Centre—a branch of GCHQ, Britain’s intelligence and security service—Dixons Carphone is conducting an investigation on the data breach. Alex Neill, from consumer lobby group Which?, said: “Dixons Carphone customers will be alarmed to hear about this massive data breach and will be asking why it has taken so long for the company to uncover the extent of its security failure.
“It is now critical that the company moves quickly to ensure those affected get clear information about what has happened and what steps they should take to protect themselves.
“Anyone concerned they could be at risk of fraud should consider changing their online passwords, monitor bank and other online accounts and be wary of emails regarding the breach as scammers may try and take advantage of it.”
Dixons Carphone has said it has put further security measures in place to prevent further hacker attacks and will apologise to customers for the distress caused.
The company added: “As a precaution, we are choosing to communicate to all of our customers to apologise and advise them of protective steps to minimise the risk of fraud.
“As we indicated previously, we have taken action to close off this access and have no evidence it is continuing.”
The data breach from July 2017 was one of the biggest at a single firm to date.