Up to 2.4 million Carphone Warehouse online customers may have had their personal details accessed by hackers in what’s considered to be one of the biggest data breaches in the UK and Ireland.
The mobile phone retailer said that it carried out an investigation into the matter and found that names, addresses, dates of birth and bank details of its customers may have been accessed.
The attack was apparently stopped immediately after the firms own systems discovered it on Wednesday afternoon. According to a Carphone Warehouse spokesman, evidence indicates the data breach began within the last two weeks before Wednesday afternoon.
It was the carried out on a division that operates the websites OneStopPhoneShop.com, e2save.com and mobiles.co.uk. This division also provides services to Talk Mobile, TalkTalk Mobile, iD Mobile and some Carphone Warehouse customers.
The company said in a statement: “On August 5 we discovered that the IT systems of a division of Carphone Warehouse in the UK had been breached by a sophisticated cyber-attack.”
Adding: “We took immediate action to secure these systems and launched an investigation with a leading cyber security firm to determine exactly what data was affected.
“We have also put in place additional security measures to prevent further attacks.”
Sebastian James, group chief executive of Dixons Carphone, said: “We take the security of customer data extremely seriously, and we are very sorry that people have been affected by this attack on our systems.
“We are, of course, informing anyone that may have been affected, and have put in place additional security measures.”
Carphone Warehouse could face a fine of up to £500,000 if its found to have failed to provide adequate protection for its customers.
Customer Warehouse being criticised for the way it has handled the breach
The company said that it started letting customers know about the breach as late as yesterday because its IT experts spend three days working out which customers were affected.
Consumer groups have criticised how Carphone Warhouse is handling the situation, particularly given the fact that many customers may not check their emails over the weekend and that those affected should receive text messages to alert them of the breach.
Marc Gander, of Consumer Action Group, said: “This is appalling. Considering Carphone Warehouse is a mobile phone company, it is within their means to send text messages.”