August 10th 2015
Carphone Warehouse customers are being warned that their personal data may have been breached in a sophisticated cyber-attack. The high street and online communications giant discovered last Wednesday that the IT systems of one of its divisions were hacked into, yet the firm made the breach public only on Saturday … three days later. Customers of the company and some other organisations (listed below) should change their passwords immediately – along with passwords on other accounts for which they use the same login details.
The company is investigating how criminals succeeded in the breach affected TalkTalk mobile customers. The Metropolitan Police and Information Commissioners Office have also been notified.
In a statement on Saturday, Carphone Warehouse revealed that the personal details of as many as 2.4 million customers may have been compromised – including names, addresses, date of birth information and bank details. The credit card data of 90,000 customers may also have been accessed although this was stored in an encrypted form. The statement also said: “We and our partners are contacting all those customers who may have been affected to inform them of the breach and to give them advice to reduce any risk and minimise inconvenience.”
Websites affected include e2save.com, OneStopPhoneShop.co.uk and Mobiles.co.uk. Carphone Warehouse also provides services to TalkTalk Mobile and to its own recently launched iD mobile network. They were taken down as a precautionary measure, and OneStopPhoneShop.co.uk is still down at the time of writing.
Sebastian James, CEO of the firm’s parent Dixons Carphone, said: “We take the security of customer data extremely seriously, and we are very sorry people have been affected by this attack. We are, of course, informing anyone that may have been affected, and have put in place additional security measures.”
Currys and PC World customer data, along with that of the “the vast majority” of Carphone Warehouse customers, had not been affected at it was held on separate systems, according to the company.
Tony Neate, CEO, Get Safe Online, commented: "This news is hugely concerning for Carphone Warehouse customers. With the stolen data potentially including names, addresses and dates of birth, hackers could also gain access to your other online accounts if you are using any of this information for your passwords. If this is you, now is the time to give your passwords an overhaul – think of something unpredictable and different for every account. Carphone Warehouse is said to be getting in touch with customers who need to notify their bank and credit card company, but don't be fooled by emails or phone calls pretending to be them. There will always be more cyber criminals looking to exploit the situation and trick you into sharing information a legitimate company would never ask for."
Advice for Carphone Warehouse, e2save.com, OneStopPhoneShop.co.uk, Mobiles.co.uk, TalkTalk Mobile or iD customers
– Notify your bank and credit card company, so they can monitor activity on your account
– Change your password for your online account and – if you use the same login details for other accounts – on those too.
– Check your bank and other online accounts for any suspicious or unexpected activity.
– Be wary of phone calls, emails or other communications asking for personal information, bank details or passwords.
– Visit a credit checking service such as Experian to review your credit rating to make sure nobody has applied for credit in your name.
If you think you have been the victim of fraud
Contact Action Fraud on 0300 123 2040.