The real scoop on Dixons Carphone data breach

Cyber security is a growing worry for individuals, businesses and even governments. And it’s no wonder, when you hear large retailers like, British mobile phone and electricals retailer Dixons Carphone being the victim of a major cyber-attack for the second time in three years.

The Scoop on Dixons Carphone data breach:

On 13 June, Dixons Carphone acknowledged a huge data breach involving 5.9 million card payments and 1.2 million personal data records, after discovering unauthorised access to its payment card data.

That makes it by far the biggest UK data breach to date concerning financial data.

Not the first breach

 Carphone Warehouse, a Dixons Carphone subsidiary, was fined £400,000 in January 2018 for a breach of three million customers’ details three years ago. The regulator commented that the “well resourced” firm had used out-of-date software and had not taken even basic safeguards into consideration.

Experts have since commented that this recent breach is even more serious, because it exposed the details of 5.9 million customers’ payment cards, compared with card details of 118,000 in the last breach.

 How bad is the hack?

If we take all cyber-attacks into account worldwide, it is not on the same scale as the largest ones to date. For example, the 2013 raid on Yahoo or the 2017 cyber-attack on Equifax, but in UK terms it is one of the more grave attacks given the figures involved and the fact that credit card data was compromised.

Hackers can’t make purchases

The company has informed the appropriate card companies so they can take suitable safety measures for customers, and said there was no evidence of fraud on these cards as a result of the incident.

The reason they say this is, is because they point out, most of these cards had chip and protection, according to the company, which said the data accessed did not contain pin codes, card verification values, nor any data enabling cardholder identification. Dixons confirmed that none of the data accessed enabled the hackers to retrieve any identification that would allow them to make purchases.

The National Cyber Security Centre (NCSC), part of GCHQ, said today it is working with Dixons Carphone on mitigation measures, after the retailer said it was investigating a data breach involving 5.9m payment cards and 1.2m personal data records.

Company’s chief executive statement

Dixon’s new chief executive Alex Baldock has delivered a public apology.

Baldock said: “We are extremely disappointed and sorry for any upset this may cause. The protection of our data has to be at the heart of our business, and we’ve fallen short here.

“We’ve taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.”

He mentioned that Dixons Carphone had hired cyber security experts to handle the matter and had added extra security measures.

Cyber security policies should be top priority

 Retailers, Businesses and banks have a duty of care to their customers and one of the topmost priority responsibilities is when customers entrust personal and card data to them when buying their products.

Any company can fall prey of a data breach. The whole point of hackers, is that they want to try any means to get personal details to sell on, or for future phishing attacks. They are always trying to break the code. This is why it’s so vital that cyber security policies should be top priority, or else you could see your company in the middle of a cyber-attack catastrophe.

 Skills shortage in cyber security

There is a scarcity of skilled professionals qualified in cyber security. In the ESG/ISSA study done in 2017, 70 percent of cybersecurity professionals said that their organisation was affected by the cybersecurity skills gap, which resulted in situations such as an snowballing workload on cybersecurity staff, the need to hire and train junior personnel rather than experienced cyber security pros. Based on these findings demand for cyber security staff is now at its highest.

Become a skilled cyber security specialist

 Cyber Security staff will provide a company with an objective analysis of business security, offering remediation advice and direction fine-tuned to suit the unique security objectives and capabilities of business technology environments.

Most cyber security staff with be certified by the EC-Council, which guarantees confidentiality when they are verifying the security architecture of a business.

Our range of cyber security courses includes CompTIA Security+, CompTIA CSA+, CASP, CCNA Security, Certified Ethical Hacker, SSCP, CISSP, CISA, CISM, and many more.