Previous Story
UK watchdog investigating Carphone Warehouse breach
Posted On Aug 12 2015
Comment: Off
Carphone Warehouse told the BBC that it was in the process of informing all the customers who may have been affected by the cyberattack and helping them to reduce further risk of their personal data being exposed as a result.
Telecoms group TalkTalk, which also said some of its customers were affected by the incident, saw its shares fall by almost 1%, though they later recovered to around their opening level.
This technique of DDoS as a smokescreen is becoming a more commonplace threat, especially for any internet-connected business that is housing sensitive data, such as credit card details or other personally identifiable information.
Speaking to the Irish Independent, Carphone Warehouse said it uses separate IT systems for Ireland and there are no signs of a breach.
The attackers may also have accessed encrypted payment-card details of 90,000 customers.
Asked when the data breach began, a spokesman replied: “The evidence indicates within the last two weeks (before Wednesday)”.
The breach was detected on August 5, the company announced and affects the IT systems division of Carphone Warehouse in the UK, which operates the websites OneStopPhoneShop.com, e2save.com and Mobiles.co.uk and provides a number of services to iD Mobile, TalkTalk Mobile, Talk Mobile, and to certain customers of Carphone Warehouse.
An investigation carried out by the company found that names, addresses, dates of birth and bank details of customers could also have been accessed.
Even though the breach took place on Wednesday, the company started contacting customers on Saturday and said it took down all of the affected websites for security reasons.
Mr James said: “We take the security of customer data extremely seriously and we are very sorry that people have been affected by this attack on our systems”.
“Someone having access to your personal information or bank account details does not necessarily mean you have been a victim of identity theft or that your information will be used to commit fraud”, the company said in a statement.
The retailer has now turned to a “leading cyber security firm” to find out exactly what happened and how to get back the data that was stolen.
