Posted 21 August 2018
Carphone Warehouse - 10 million customer details stolen
Be replacing any cards used at CPW as a precautionary measure, and check your credit files!
“Dear Customer,
On June 13, we began to contact a number of our customers as a precaution after we found that some of our security systems had been accessed in the past using sophisticated malware.
We promptly launched an investigation. Since then we have been putting further security measures in place to safeguard customer information, increased our investment in cyber security and added additional controls. In all of this we have been working intensively with leading cyber security experts.
Our investigation, which is now nearing completion, has identified that approximately 10 million records containing personal data may have been accessed in 2017. This unauthorised access to data may include personal information such as name, address, phone number, date of birth and email address.
While there is now evidence that some of this data may have left our systems, these records do not contain payment card or bank account details and we have no confirmed instances of customers falling victim to fraud as a result. We are continuing to keep the relevant authorities updated.
As a precaution, we are letting our customers know to apologise and advise them of protective steps to take to minimise the risk of fraud. These include:
We continue to make improvements and investments to our security systems and we’ve been working round the clock to put this right. We’re extremely sorry about what has happened – we’ve fallen short here. We want to reassure you that we are fully committed to protecting your data so that you can be confident that it is safe with us
Yours sincerely,
Antreas Athanassopoulos
Dixons Carphone Chief Customer Officer.”
dixonscarphone.com/mes…age
“Dear Customer,
On June 13, we began to contact a number of our customers as a precaution after we found that some of our security systems had been accessed in the past using sophisticated malware.
We promptly launched an investigation. Since then we have been putting further security measures in place to safeguard customer information, increased our investment in cyber security and added additional controls. In all of this we have been working intensively with leading cyber security experts.
Our investigation, which is now nearing completion, has identified that approximately 10 million records containing personal data may have been accessed in 2017. This unauthorised access to data may include personal information such as name, address, phone number, date of birth and email address.
While there is now evidence that some of this data may have left our systems, these records do not contain payment card or bank account details and we have no confirmed instances of customers falling victim to fraud as a result. We are continuing to keep the relevant authorities updated.
As a precaution, we are letting our customers know to apologise and advise them of protective steps to take to minimise the risk of fraud. These include:
- If you receive an unsolicited email, letter, text or phone call asking for personal information, never reveal any full passwords, login details or account numbers until you are certain of the identity of the person making the request. Please do not click on any links you do not recognise.
- If you think you have been a victim of fraud you should report it to Action Fraud, the UK’s national fraud and internet crime reporting centre, on 0300 123 2040.
- We also recommend that people are vigilant against any suspicious activity on their bank accounts and contact their financial provider if they have concerns.
We continue to make improvements and investments to our security systems and we’ve been working round the clock to put this right. We’re extremely sorry about what has happened – we’ve fallen short here. We want to reassure you that we are fully committed to protecting your data so that you can be confident that it is safe with us
Yours sincerely,
Antreas Athanassopoulos
Dixons Carphone Chief Customer Officer.”
dixonscarphone.com/mes…age
Community Updates
14 Comments
sorted byThey reassured customers that this meant hackers would not have access to their financial details, only their personal information.
But data security experts have warned that personal details are far more valuable to hackers than credit card details – and the loss of personal information could have far-reaching consequences.
‘If a hacker has your credit card details, they can use them to shop online and perhaps sell them online – there is a black market for these details,’ says Mohamed Zouine, director of corporate development at identity protection specialists Ground Labs.
‘But if a hacker has your name, address, date of birth, national insurance number – this type of information – they can commit ID fraud and get money from you in many other ways.
‘They could apply for a credit card in your name, or apply for a loan, a mortgage, a phone contract. Anything that requires on ID verification they could do.’
plus
What do Hackers do with Your Stolen Identity?
They said. "...we have no confirmed instances of customers falling victim to fraud as a result." ==> How do they even know what to do and how to confirm?! How many were unconfirmed? The big give away for ignorance is this, they said, "...If you think you have been a victim of fraud you should report it to Action Fraud , he UK’s national fraud and internet crime reporting centre, on 0300 123 2040. (Another words, don't call us, we don't want to know, you have to confirm or not confirm with Action Fraud."
They said, "We take the security of your data extremely seriously... " ===> How can we test or find out?! It is just goobledygook and trash. Suppose I telephone them and ask this question, "Can you tell me how I know that you take my data extremely seriously, or not extremelys seriously.....?" By the way, the letter does not tell a potential victim to call a Carphonewarehouse hotline. That's a really hot customer services manager?! (edited)
I kept one of those turds on the line for 40mins one day. Was bored and wanted to go fishing.
It’s always amazing how bank details never get hit. If that’s the case, take the rest of our data as seriously and encrypt it.
I wouldn't take their word as gospel, even in the past the card provider has been cautious when breaches occur from what I gather. Next we'll get an email to say oops we royally screwed up the hackers did get your payment info. I hope not but given that they have dragged their heals on releasing this announcement this I wouldn't be surprised.
These companies wonder why I use fake details where ever I can given their inability to keep my details safe
Oh I don’t make CPW any great profit, £50 max sales lol, once bitten twice shy - no more long termcontract sales for them for almost 20 years
What they don't say, as in this letter, hence, extremely thrifty with the truth, is why do hackers continue to hack away customer data for ...unconfirmed fraud or no fraud? Knowing what the hackers might do with the personal data is the key.
They said, "these records do not contain payment card or bank account details and we have no confirmed instances of customers falling victim to fraud as a result."
Or boycott them entirely.
If you pay cash, you don't have any recourse through Credit Card when they screw you over on a warranty claim.