Dixons Carphone has admitted a huge data breach following a prolonged hacking attempt. The data hack involves 5.9 million payment cards and 1.2 million personal data records. The breach occurred following a number of attacks – carried out over a period of 12 months.

The personal data records compromised by the hackers includes information such as names, addresses and email addresses. All of which can be used to carry out data theft and fraud.

Also, while most of the cards had chip and pin protection, some 105,000 non-EU issued cards did not have this technology. While the company has said there is no evidence that any of the cards had been fraudulently used, a full police investigation is now underway. The regulators have also been informed and it is thought that the breach could leave the company open to a large fine.

Alex Baldock, chief executive at Dixons Carphone said:

“We are extremely disappointed and sorry for any upset this may cause.

 “The protection of our data has to be at the heart of our business, and we’ve fallen short here.

 “We’ve taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.”

A history of data protection failures

Earlier this year, the Carphone Warehouse, which merged with Dixons, was fined a whopping £400,000 following another cyber-attack. The fine is one of the biggest ever handed out by the Information Commissioner’s Office (ICO). In that breach, the personal data of over three million customers and 1,000 employees was put at risk. Including the historical payment card details for some 18,000 customers.

While Dixons Carphone claims that the two incidents are unrelated, the Information Commissioner (ICO) will now be looking very carefully at this latest failing.

What can you do?

Data breaches often have severe consequences for those affected. So, customers and employees of the Carphone Warehouse and the merged Dixons Carphone should now be looking to claim compensation.

The company has said that it will be contacting those affected to advise them of the breach. We would urge anyone contacted to let us know and start a data protection compensation claim; particularly as there is a history of data negligence at the company. Something must be done to hold them to account.

If you are affected you could be entitled to up to several thousand pounds in compensation, so it’s important to act now.