Major retailer Carphone Warehouse yesterday reported that one of its UK divisions experienced a “sophisticated cyber-attack” on Wednesday, giving hackers access to sensitive information of up to 2.4 million customers.
The data that hackers potentially got ahold of consist primarily of names, date of birth, addresses, and bank details. However, hackers seemed to only get ahold of encrypted credit information of up to 90,000 customers, which is still a staggering figure, but much less than the 2.4 million.
An executive, quoted by The Telegraph, says Carphone Warehouse is doing all it can to inform and warn affected customers:
Sebastian James, chief executive of Dixons Carphone, said: “We take the security of customer data extremely seriously, and we are very sorry that people have been affected by this attack on our systems.” “We are, of course, informing anyone that may have been affected, and have put in place additional security measures,” he added. The company said that the customer information of Currys and PC World, and “the vast majority” of Carphone Warehouse customer data is held on separate systems and has not been affected.”
The division that was hacked runs the websites OneStopPhoneShop.com, e2save.com, and Mobiles.co.uk. However, the division also operates the recently launched iD mobile network, TalkTalk Mobile, and Talk Mobile. 480,000 customers from those three operations could have been affected, too.
Keep in mind that hackers aren’t usually able to do anything with the data they steal. In most cases, the data they find about affected customers is a gateway to get pertinent information through social engineering tactics, which is the far greater threat in this breach.
With the information hackers have stolen, they are able to call you, posing as someone else, such as your bank, the government, and so on, to get sensitive information from you would not give out to anyone else.
That said, victims of this breach should be wary of any suspicious emails and phone calls trying to fish for more information.
Data breaches have become commonplace, so anywhere you divulge information to or spend money at via electronic funds (credit cards, debit cards, and etc) puts you at risk. There’s no clear way to keep customer information 100% secure, besides implementing better systems. However, even then, hackers will still find ways to breach those systems.
Carphone Warehouse will no doubt be trying to put out this fire for some time now. Let’s hope they’ve been able to properly fix the exploit and seriously focus on efforts to keep their customers data safe.
source: The Telegraph