Dixons Carphone says that almost six million debit and credit card details were accessed in a data breach, together with over a million ‘non-financial’ records, such as name, email address and home address. What should you do if you’re a Dixons Carphone customer?
Q. What information was accessed?
Dixons Carphone says that 5.9 million debit and credit card details were accessed and 1.2 million non-financial records. It says that 105,000 of the credit cards were protected by chip and pin. Dixons Carphone says that although debit and credit card numbers were accessed, the CVV numbers were not.
SAVVY TIP: CVV numbers are three digit codes on the back of the card that you have to hand over if you want to make an online or phone purchase.
This means that it would be difficult for fraudsters to use these cards without getting other information.
Dixons Carphone says that details of customers’ names, email addresses and home addresses were also accessed. It says that it has no evidence that this information left its system. What that means is that that someone has been able to see the information but not download it.
Q. Has any fraud been committed using these details?
Dixons Carphone says that there’s no evidence that fraudsters have used debit and credit card details or email or home addresses to commit fraud. It also says it’s contacted the card companies of those who’ve had their data accessed and that there have been no fraudulent transactions since the data breach. The card companies are putting a watch on these accounts to spot fraudulent activity.
However, fraudsters and hackers rarely expect to get all the data they need in one hack to commit fraud. They steal data so they can sell it onto someone else (who may commit fraud).
If there’s other information available about you from unrelated hacks, or if you can be persuaded to part with this data, fraudsters can then target you. I don’t think Dixons Carphone can be sure that the stolen data won’t be used in the future.
Q. What should I do?
Be aware that fraudsters will probably capitalise on this hack and email, write to or ring people pretending to be from Dixons Carphone, from their bank or the police. These emails and calls can be very convincing, but my advice is to listen to your gut feeling and be particularly wary if an email is trying to get you to click on a link and give away personal information, or if a caller is asking you to move money or to give them access to your computer screen so they can fix a fault. These are all tried and tested scams.
Q. Will Dixons Carphone be fined?
It could be fined. The Information Commissioner says it’s looking into the data breach. It’s early days in its investigation, but one of the areas it’s looking at is whether the breach happened under the 1998 Data Protection Act or the 2018 GDPR rules. If it comes under the GDPR rules, the fine could be much higher.
SavvyWoman email newsletters: If you found this information useful why not sign up now to receive free fortnightly email newsletters with money saving tips and help? You can sign up at the top of any page on the website and your details won’t be passed to any other company for marketing purposes.