In Depth

Carphone Warehouse: should you be worried about data hack?

Some 2.4 million customers' details may have been accessed, including bank and credit card details

A major online security breach at Carphone Warehouse could have left the personal details of 2.4 million customers exposed to unknown hackers.

A spokesman told The Guardian a web security firm is now "crawling all over our systems" and the Information Commissioner's Office is investigating the breach.

MPs on the Treasury Select Committee could demand a session with company bosses to answer questions, according to the Daily Mail. But what should worried customers do?

Who was affected by the breach?

The attack was directed at a division of the company which operates OneStopPhoneShop.co.uk, e2save.com and Mobiles.co.uk, so if you have an account through one of these websites you may be affected. This part of the company also provides services to TalkTalk Mobile, Talk Mobile and Carphone Warehouse's own recently launched 'iD' mobile network.

It says it has already written to customers whose details may have been compromised and has issued assurances that anyone who has made purchases or opened accounts with its other brands, accounting for the "vast majority" of customer data held, are completely secure. Other subsidiaries of parent company Dixons Carphone, including Currys and PC World, are also unaffected.

What data may have been accessed?

The Financial Times says the details of around 1.9m direct customers, and 480,000 through TalkTalk, could have been accessed, including personal information such as names, addresses and date of birth, and bank details. Credit card details of around 90,000 may also have been exposed, but The Guardian says this information was "stored in an encrypted form".

What action has the company taken?

Carphone Warehouse said the hack, which took place over a couple of days, was stopped "straight away" following its detection and websites temporarily taken down, says the Mail. A web security firm that specialises in cyber attacks has trawled the systems and the company now says they are safe.

Having detected the attacks on Wednesday it began writing to customers on Saturday to inform them of the breach and give advice on what to do, which has led to criticism over why it did not let people know immediately. The Information Commissioner's Office is now investigating and has the power to fine the company £500,000.

The FT says Scotland Yard is "aware" of the incident, but has not received a crime report, and the National Crime Agency would not confirm if it was investigating.

What action should I take?

Customers who believe they may have been affected are being advised to change their passwords and check for suspicious activity on their bank and credit card accounts. If fraud is suspected, you are advised to contact Action Fraud, the UK’s national fraud and internet crime reporting centre.

Is this incident unique?

Unfortunately not – far from it. With the rapid growth in recent years of 'ecommerce', web-based portals are now a common target for increasingly sophisticated criminals. In the past the likes of Sony's PlayStation Network have been hacked, while the FT also cites previous attacks on US health insurer Anthem and US retailer Target.

General advice to customers is to ensure passwords are not closely related to the sort of personal data commonly held, such as date of birth, to prevent any minor security breach giving access to more sensitive accounts. Passwords should involve an element of encryption, such as numerical digits in place of letters, and be changed frequently.  

Recommended

‘Cost of living will decide race’
Today’s newspaper front pages
Today’s newspapers

‘Cost of living will decide race’

How Truss and Sunak would tackle a recession
Liz Truss and Rishi Sunak at a debate
Getting to grips with . . .

How Truss and Sunak would tackle a recession

What next for the UK economy?
Governor of the Bank of England Andrew Bailey faces the media on 4 August 2022
Today’s big question

What next for the UK economy?

Quiz of The Week: 30 July - 5 August
Governor of the Bank of England, Andrew Bailey
Quizzes and puzzles

Quiz of The Week: 30 July - 5 August

Popular articles

Will China invade Taiwan?
Chinese troops on mobile rocket launchers during a parade in Beijing
Fact file

Will China invade Taiwan?

Is World War Three on the cards?
Ukrainian soldiers patrol on the frontline in Zolote, Ukraine
In Depth

Is World War Three on the cards?

Ten Things You Need to Know Today: 8 August 2022
10 Downing Street
Daily Briefing

Ten Things You Need to Know Today: 8 August 2022

The Week Footer Banner