At present, a unit of GCGQ is working with Dixons Carphone regarding mitigations measures following a major data breach which was exposed on June 13.
The National Cyber Security Centre or NCSC has stated that it was working with Dixons Carphone and other agencies like the Information Commissioner’s Office as well as Financial Conduct Authority, concerning the data breach of 5.9 million payment card information and 1.2 million personal data files.
How did it happen?
A sophisticated computer virus or malicious software reportedly launched the cyber attack – which entered processing systems at Dixons Travel shops and Currys PC World stores.
As reported by The Telegraph, this massive data breach occurred in July 2017, though it was only caught in June 2018 following an investigation of Dixon Carphone’s systems.
The NCSC said that anybody who is worried about the fraud and data theft should get in touch with Action Fraud and it is suggested that people should be alert against any unusual activity on their bank accounts.
Even though the data breach was exposed over the month of June, the truth it happened within the previous year – before the European General Data Protection Regulation (GDPR) laws came in force on 25 May – the most significant potential fine exacted would be a whopping £500,000.
Though, following the new GDPR laws, Dixons Carphone would get fined up to four percent of its yearly international revenue, which is expected to be approximately £423 million.
Dixons Carphone stated that it had called security experts for investigating the single data breach and executed additional security steps across its systems.
Dixons Carphone emphasized that it discovered no endeavors to defraud the breached cards and had reached out to the appropriate card companies, along with the police as well as other relevant authorities.
Alex Baldock, the chief executive, said that they are very disappointed and apologetic for any upset this might result in. The security of the data needs to be at the core of their business, and they have fallen short in that aspect.
They have taken measures to close off the unapproved access and, although at present they do not have any proof of fraud as an outcome of the events, they are taking this very seriously.
The 1.2 million data records which were accessed by the cyber criminals contained non-financial details like names, residential addresses, and email addresses.
Dixons Carphone said that it had no proof that the data had moved away from its systems or contributed to any fraud, though it was reaching out to the people concerned to guide them.
Bryan Glick, the editor in chief of Computer Weekly, said to the BBC that this security breach was one of the most significant violations until now concerning a UK company.
Although, he said that individuals should not panic. He added that if the user has not heard from the company to warn them, then the odds are that they are fine.
Zhou also gave advice about how people can protect their personal information. He said that it often a conflict between data security and convenience. When you are purchasing stuff online, then you always get an option of whether you wish to save your bank card details and you should always opt for no. The same should be done with passwords, having different passwords is safer, but it is also somewhat inconvenient.
Carphone Warehouse is amongst the several High Street retailers who are feeling the pressure of severe economic hurdles.
A month back, it informed about a sharp decline in profits in 2018 and announced it would shut down 92 of its over 700 Carphone Warehouse stores.