Pay today

New Contract

Pay monthly
Added to compare

Important message from Dixons Carphone

On June 13, we began to contact a number of our customers as a precaution after we found that some of our security systems had been accessed in the past using sophisticated malware.

 

We promptly launched an investigation.  Since then we have been putting further security measures in place to safeguard customer information, increased our investment in cyber security and added additional controls. In all of this we have been working intensively with leading cyber security experts.

 

Our investigation, which is now nearing completion, has identified that approximately 10 million records containing personal data may have been accessed in 2017. This unauthorised access to data may include personal information such as name, address, phone number, date of birth and email address.

 

While there is now evidence that some of this data may have left our systems, these records do not contain payment card or bank account details and we have no confirmed instances of customers falling victim to fraud as a result. We are continuing to keep the relevant authorities updated.

 

As a precaution, we are letting our customers know to apologise and advise them of protective steps to take to minimise the risk of fraud. These include:

 

  • - If you receive an unsolicited email, letter, text or phone call asking for personal information, never reveal any full passwords, login details or account numbers until you are certain of the identity of the        person making the request. Please do not click on any links you do not recognise.
  • - If you think you have been a victim of fraud you should report it to Action Fraud, the UK’s national fraud and internet crime reporting centre, on 0300 123 2040.
  • - We also recommend that people are vigilant against any suspicious activity on their bank accounts and contact their financial provider if they have concerns.
  •  

We take the security of your data extremely seriously and have previously announced that we have taken action to close off this access and have no evidence it is continuing.  Nevertheless, we felt it was important to let customers know as soon as possible.

 

We continue to make improvements and investments to our security systems and we’ve been working round the clock to put this right. We’re extremely sorry about what has happened – we’ve fallen short here. We want to reassure you that we are working around the clock and are fully committed to protecting your data so that you can be confident that it is safe with us.

 

Yours sincerely,

 

Antreas Athanassopoulos
Dixons Carphone Chief Customer Officer

 

FAQ

  1. 1. What's happened?

As part of a review of our data security systems, we discovered that in 2017 they had been improperly accessed using sophisticated malware. Customer records, including personal information such as name, address, date of birth, phone number and email address, may have been compromised. These records do not contain payment card or bank account details. 

We also discovered that there was an attempt to compromise some payment cards used in Currys PC World and Dixons Travel stores. However, almost all of these cards had chip and pin protection. As a precaution we immediately notified the relevant card companies so that they could take the appropriate measures to protect customers.

We took immediate steps to confirm this activity had been stopped, and we have no confirmed instances of customers falling victim to fraud as a result of this attack.

 

  1. 2. Does it affect me, and what should I do?

Of the approximately 10m records relating to personal data included in the incident, the complex nature of this attack means it won’t be possible for us to be certain which customers within the data set have been affected. These records contain personal data such as name, address, phone number, date of birth or email address but do not contain payment card or bank account details.

In relation to payment cards, almost all of these cards had chip and pin protection and the data did not contain pin codes, card verification values (CVV) nor any authentication data enabling cardholder identification or a purchase to be made. We immediately notified the relevant card companies so that they could take the appropriate measures to protect customers.

We have no confirmed instances of customers falling victim to fraud as a result, however, as a precaution, we are advising all our customers of simple protective steps which can minimise the risk of fraud. These include:

 

  • If you receive an unsolicited email, letter, text or phone call asking for personal information, never reveal any full passwords, login details or account numbers until you are certain of the identity of the person making the request. Please do not click on any links you do not recognise.
  • If you think you have been a victim of fraud you should report it to Action Fraud, the UK’s national fraud and internet crime reporting centre, on 0300 123 2040.
  • We also recommend that people are vigilant against any suspicious activity on their bank accounts and contact their financial provider if they have concerns.

We're extremely sorry about what has happened – we’ve fallen short here. We want to reassure you that we are working around the clock and are fully committed to protecting your data so that you can be confident that it is safe with us.

 

  1. 3. What are you doing about this and how will you prevent this from happening again?

We have been putting further security measures in place including enhanced controls, monitoring and testing to safeguard customer information and we are making investments at pace, trebling our investment in cyber security to ensure our systems are the best they can be. In all of this we have been working intensively with leading cyber security experts, and our forensic investigation is now nearing completion. We took immediate steps to confirm this activity had been stopped, and we have no confirmed instances of customers falling victim to fraud as a result.

 

  1. 4. Is it safe to continue shopping with you in store or online?

Yes, we want you to feel safe in all dealings with us. We are fully committed to making our customers’ personal data safe and we have been putting further security measures in place to safeguard customer information.

 

  1. 5. Has the incident been resolved?

Yes, we took immediate steps to confirm these incidents had been stopped. We have been putting further security measures in place including enhanced controls, monitoring and testing to safeguard customer information and  we are making investments at pace, trebling our investment in cyber security to ensure our systems are the best they can be.

 

  1. 6. Why was the data being held by you?

This was the information we collect and store through the normal course of business and in line with our privacy policy which can be found on our relevant brands’ websites.

 

  1. 7. Why has it taken so long for you to announce this?

The complex nature of these types of incidents means that it takes a long time to investigate. We have been working around the clock along with leading cyber security experts and our investigation is now reaching its conclusion.