Posted 21 August 2018

Carphone Warehouse - 10 million customer details stolen

Be replacing any cards used at CPW as a precautionary measure, and check your credit files!


“Dear Customer,

On June 13, we began to contact a number of our customers as a precaution after we found that some of our security systems had been accessed in the past using sophisticated malware.

We promptly launched an investigation. Since then we have been putting further security measures in place to safeguard customer information, increased our investment in cyber security and added additional controls. In all of this we have been working intensively with leading cyber security experts.

Our investigation, which is now nearing completion, has identified that approximately 10 million records containing personal data may have been accessed in 2017. This unauthorised access to data may include personal information such as name, address, phone number, date of birth and email address.

While there is now evidence that some of this data may have left our systems, these records do not contain payment card or bank account details and we have no confirmed instances of customers falling victim to fraud as a result. We are continuing to keep the relevant authorities updated.

As a precaution, we are letting our customers know to apologise and advise them of protective steps to take to minimise the risk of fraud. These include:

  • If you receive an unsolicited email, letter, text or phone call asking for personal information, never reveal any full passwords, login details or account numbers until you are certain of the identity of the person making the request. Please do not click on any links you do not recognise.
  • If you think you have been a victim of fraud you should report it to Action Fraud, the UK’s national fraud and internet crime reporting centre, on 0300 123 2040.
  • We also recommend that people are vigilant against any suspicious activity on their bank accounts and contact their financial provider if they have concerns.
We take the security of your data extremely seriously and have previously announced that we have taken action to close off this access and have no evidence it is continuing. Nevertheless, we felt it was important to let customers know as soon as possible.

We continue to make improvements and investments to our security systems and we’ve been working round the clock to put this right. We’re extremely sorry about what has happened – we’ve fallen short here. We want to reassure you that we are fully committed to protecting your data so that you can be confident that it is safe with us


Yours sincerely,

Antreas Athanassopoulos
Dixons Carphone Chief Customer Officer.”


dixonscarphone.com/mes…age
Community Updates
New Comment

14 Comments

sorted by
's avatar
  1. deleted57770's avatar
    "This is Money" web site:

    They reassured customers that this meant hackers would not have access to their financial details, only their personal information.

    But data security experts have warned that personal details are far more valuable to hackers than credit card details – and the loss of personal information could have far-reaching consequences.

    ‘If a hacker has your credit card details, they can use them to shop online and perhaps sell them online – there is a black market for these details,’ says Mohamed Zouine, director of corporate development at identity protection specialists Ground Labs.

    ‘But if a hacker has your name, address, date of birth, national insurance number – this type of information – they can commit ID fraud and get money from you in many other ways.

    ‘They could apply for a credit card in your name, or apply for a loan, a mortgage, a phone contract. Anything that requires on ID verification they could do.’


    plus

    What do Hackers do with Your Stolen Identity?
  2. deleted57770's avatar
    The managers who approved this letter have been extremely thrifty with miserly with the truth. Just to pick a couple of points,

    They said. "...we have no confirmed instances of customers falling victim to fraud as a result." ==> How do they even know what to do and how to confirm?! How many were unconfirmed? The big give away for ignorance is this, they said, "...If you think you have been a victim of fraud you should report it to Action Fraud , he UK’s national fraud and internet crime reporting centre, on 0300 123 2040. (Another words, don't call us, we don't want to know, you have to confirm or not confirm with Action Fraud."

    They said, "We take the security of your data extremely seriously... " ===> How can we test or find out?! It is just goobledygook and trash. Suppose I telephone them and ask this question, "Can you tell me how I know that you take my data extremely seriously, or not extremelys seriously.....?" By the way, the letter does not tell a potential victim to call a Carphonewarehouse hotline. That's a really hot customer services manager?! (edited)
  3. Oneday77's avatar
    wayners15 m ago

    I was talking to a lady that got a phone call from Microsoft. They …I was talking to a lady that got a phone call from Microsoft. They confirmed her name and address and Hotmail email account. They asked her to go to pc and they will help her remove a virus. She did until they took control of pc and started downloading something when she panicked and pulled the plug. Hung up on phone and phoned her son. Near miss that one but that's how they scam some people. Maybe 1 in 100 will fall for it.


    I kept one of those turds on the line for 40mins one day. Was bored and wanted to go fishing.

    It’s always amazing how bank details never get hit. If that’s the case, take the rest of our data as seriously and encrypt it.
  4. charliecroker1966's avatar
    Everytime there is a breach at CPW Dixons one of my credit cards gets blocked, tried using the same account several times today and each time it was denied. An email that I just received kind of explains things now. I guess I shall be getting a new card in the post anytime soon as a precautionary measure as the card provider puts it everytime.
  5. charliecroker1966's avatar
    deleted5777021/08/2018 20:53

    They said, "these records do not contain payment card or bank account detai …They said, "these records do not contain payment card or bank account details and we have no confirmed instances of customers falling victim to fraud as a result."



    I wouldn't take their word as gospel, even in the past the card provider has been cautious when breaches occur from what I gather. Next we'll get an email to say oops we royally screwed up the hackers did get your payment info. I hope not but given that they have dragged their heals on releasing this announcement this I wouldn't be surprised.

    These companies wonder why I use fake details where ever I can given their inability to keep my details safe
  6. deleted46656's avatar
    Author
    Oneday7718 m ago

    Or boycott them entirely. If you pay cash, you don't have any recourse …Or boycott them entirely. If you pay cash, you don't have any recourse through Credit Card when they screw you over on a warranty claim.


    Oh I don’t make CPW any great profit, £50 max sales lol, once bitten twice shy - no more long termcontract sales for them for almost 20 years
  7. wayners's avatar
    I don't care as no banking information was taken so they say. That's a different level of security unlike customers information which can be found across the system I guess. Also this happened last year so a bit late to warn people. These data breaches are happening all the time and it was said we never get to hear about many of them. All the information they say was stollen is on my van side and website, however I understand that some folks could fall for a scam if contacted. (edited)
  8. deleted57770's avatar
    wayners15 m ago

    I don't care as no banking information was taken so they say. That's a …I don't care as no banking information was taken so they say. That's a different level of security unlike customers information which can be found across the system I guess. Also this happened last year so a bit late to warn people. These data breaches are happening all the time and it was said we never get to hear about many of them. All the information they say was stollen is on my van side and website, however I understand that some folks could fall for a scam if contacted.



    What they don't say, as in this letter, hence, extremely thrifty with the truth, is why do hackers continue to hack away customer data for ...unconfirmed fraud or no fraud? Knowing what the hackers might do with the personal data is the key.
  9. wayners's avatar
    Ah.. I don't believe a word of it. All carefully written. One of the big 3 credit agencies got hacked and you could search your email address to see if your account was one. It turned out that the no matter what email address you put in they recommend their premium service with free trial. The security podcasts I listen to said to look out for bank detail hack. Then panic! Names addresses ect of everyone is on the dark web already. Probably... So they said.. If Google or PayPal get hit I'm done for. Oneplus got hacked but I used PayPal so all OK. The others were not so lucky I guess. (edited)
  10. wayners's avatar
    I was talking to a lady that got a phone call from Microsoft. They confirmed her name and address and Hotmail email account. They asked her to go to pc and they will help her remove a virus. She did until they took control of pc and started downloading something when she panicked and pulled the plug. Hung up on phone and phoned her son. Near miss that one but that's how they scam some people. Maybe 1 in 100 will fall for it. (edited)
  11. deleted46656's avatar
    Author
    I’ve a habit of paying cash in CPW now
  12. deleted57770's avatar
    charliecroker196621/08/2018 20:24

    Everytime there is a breach at CPW Dixons one of my credit cards gets …Everytime there is a breach at CPW Dixons one of my credit cards gets blocked, tried using the same account several times today and each time it was denied. An email that I just received kind of explains things now. I guess I shall be getting a new card in the post anytime soon as a precautionary measure as the card provider puts it everytime.



    They said, "these records do not contain payment card or bank account details and we have no confirmed instances of customers falling victim to fraud as a result."
  13. wayners's avatar
    Planet money podcast (npr) USA... Is a brilliant podcast although I've not listened to for a while.. Anyway. A scamper blew the whistle on a call centre. He said they were so good at conning folks they played golf around the office while on the phone taking folks money. (edited)
  14. Oneday77's avatar
    deleted4665621/08/2018 20:32

    I’ve a habit of paying cash in CPW now



    Or boycott them entirely.
    If you pay cash, you don't have any recourse through Credit Card when they screw you over on a warranty claim.
's avatar