Dixons Carphone originally said that almost six million debit and credit card details were accessed in a data breach, together with over a million ‘non-financial’ records. Now it’s confirmed that ten million non financial records, such as name, email address and home address were accessed. What should you do if you’re a Dixons Carphone customer?
Q. What information was accessed?
In June, when Dixons Carphone reported the data breach, it said that 5.9 million debit and credit card details had accessed. It said that 105,000 of the credit cards were protected by chip and pin. Dixons Carphone pointed out that although debit and credit card numbers were accessed, the CVV numbers were not.
SAVVY TIP: CVV numbers are three digit codes on the back of the card that you have to hand over if you want to make an online or phone purchase. This means that it would be difficult for fraudsters to use these cards without getting other information.
It also said that 1.2 million non-financial records were accessed. What’s emerged today (July 31st) is that far more customers had their names, email addresses and home addresses accessed. In all, 10.2 million non-financial records were accessed. Crucially, Dixons Carphone now says that there’s evidence that some of this information left its system.
Q. Has any fraud been committed using these details?
Dixons Carphone says that there’s no evidence that fraudsters have used debit and credit card details or email or home addresses to commit fraud. It also says it’s contacted the card companies of those who’ve had their data accessed and that there have been no fraudulent transactions since the data breach. The card companies are putting a watch on these accounts to spot fraudulent activity.
However, fraudsters and hackers rarely expect to get all the data they need in one hack to commit fraud. They steal data so they can sell it onto someone else (who may commit fraud).
If fraudsters can steal or buy other information about you – either directly from you or from unrelated hacks – they can then try and commit fraud. I said in June that I didn’t Dixons Carphone could be sure that the stolen data wouldn’t be used in the future, and I still believe that.
Q. What should I do?
Be aware that fraudsters will probably capitalise on this hack and they may email, write to or ring you pretending to be from Dixons Carphone. They may also pretend to be from your bank or even the police.
These emails and calls can be very convincing, but my advice is to listen to your gut feeling and be particularly wary if an email is trying to get you to click on a link and give away personal information. The same applies if a caller is asking you to move money to a ‘safe account’ or to give them access to your computer screen so they can fix a fault. These are all tried and tested scams.
Q. Will Dixons Carphone be fined?
It could be fined. The Information Commissioner says it’s looking into the data breach. It’s early days in its investigation, but one of the areas it’s looking at is whether the breach happened under the 1998 Data Protection Act or the 2018 GDPR rules. If it comes under the GDPR rules, the fine could be much higher.
You can read the updated statement from Dixons Carphone on its website.
SavvyWoman email newsletters: If you found this information useful why not sign up now to receive free fortnightly email newsletters with money saving tips and help? You can sign up at the top of any page on the website and your details won’t be passed to any other company for marketing purposes.