The UK’s data protection watchdog is investigating the hacking of Carphone Warehouse after the personal details of up to 2.4 million of its customers may have been stolen in a cyber-attack.
Carphone Warehouse said the names, addresses, date of birth information and bank details and 90,000 customer credit cards – “may also have been accessed” in an attack on Wednesday.
The Information Commissioner’s Office, which examines data breaches, confirmed it was aware of the incident and is making enquiries.
The high street firm said in a statement said. “We and our partners are contacting all those customers who may have been affected to inform them of the breach and to give them advice to reduce any risk and minimise inconvenience.”
Insurance firms launch first diversity festival in London
Smartphones are damaging our children’s health and education
Why are businesses failing at change management?
Women in L&D – why they don’t always make it to the top
Customers with accounts at OneStopPhoneShope.com, e2save.com and mobiles.co.uk may also be affected.
Carphone Warehouse became aware of the massive breach mid-week and began warning customers of the attack via email on Saturday. Affected websites were taken down.
Around 480,000 of the 2.4 million customers affected by the breach are TalkTalk Mobile customers and 1.9m were customers of Carphone Warehouse directly.
The retailer’s owner, Dixons Carphone, has apologised for the attack and said additional security measures have been brought in.
Mike Spykerman, VP at OPSWAT, which provides data services and security solutions, commented on this: “The reality is that data breaches are no longer a question of if, but when. At least some of the information at Carphone Warehouse was encrypted, but still a lot of personal data was not.
“Data breaches often start with a spear phishing attack that evades detection from regular spam filters and single anti-virus engines. By using multiple anti-virus engines, the possibility that a spear phishing attack is detected is considerably higher.
“To avoid cyber attacks being successful, companies should prepare their defences by deploying several cyber security layers including device monitoring and management, scanning with multiple anti-malware engines, and advanced threat protection.”