Dixons has confirmed they suffered a data breach that started last July, leaking 5.9 million payment cards and 1.2 million personal records.
The breach started last July, but Dixons was not able to find out until last week. This is not surprising considering the average data breach takes several months to be detected.
The hackers stole 5.9 million payment cards. Of those, 100,000 are not protected by chip and PIN, making it easier to use them fraudulently in the card-present world. However, Dixons has already stated that it has not found evidence that any of the leaked cards have been used fraudulently.
Dixons Carphone chief executive Alex Baldock said in a statement, “we’ve taken action to close off this unauthorized access, and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.”
The company is contacting all those users affected by the breach. If Dixons has contacted you, we advise you to cancel your exposed cards and to closely monitor your credit bureau in case someone has been using your data to apply for credit.
Data breaches are extremely difficult to prevent, as finding vulnerabilities in a system is how bad actors make a living. Still, the consequences go beyond the breach itself; Dixons Carphone’s shares have already fallen more than 3% during early afternoon trading.
When asked about any potential link to the Carphone breach in 2015, which cost them £400,000 in fines, the company said it is confident these are two separate incidents, and it is currently assessing any other potential vulnerabilities.
As we know, credit card information, combined with other user data from other breaches, can build a complete profile. In the hands of fraudsters and criminals, these valuable identity sets can be sold to other cybercriminals.
Bad actors keep taking advantage of the smallest gap to steal customer data. For this reason, it is essential to change the current equation of “breach = fraud.” New technologies are allowing companies to verify their users with more than just data, such as behavioral or physical biometrics, and protect companies and customers from post-breach damage. Companies need to protect customer information, but more importantly, they need to make the stolen data valueless.