Currys PC World and Dixons Travel has admitted that 5.9 million payment card details and the personal data of 1.2 million customers have been accessed by hackers in a massive data breach.
Some 5.8 million of the cards have chip and PIN protection and Dixons Carphone Warehouse, which runs both firms, says the hackers did not get hold of PIN numbers, the three digit verification code on the back of the cards or any data which would allow the cards to be used to buy goods.
But some 105,000 non-EU cards which didn't have chip and PIN protection were also compromised, and Dixons Carphone Warehouse says it has contacted the card firms and customers who have been affected.
A further 1.2 million records containing non-financial personal data, such as name, address or email address, have also been accessed.
It follows Carphone Warehouse, which is part of the same group, being fined £400,000 in January this year for a data breach in which more than three million customers' details were compromised.
See 30+ Ways to Stop Scams for ways to protect yourself online.
Get Our Free Money Tips Email!
How do I know if I'm affected?
Dixons Carphone Warehouse says it is still investigating the hack, which it discovered last week, but it could have happened as far back as July last year. Here's a summary of what was taken:
- Details of 5.8 million cards with chip and PIN. These could have been held simply if a customer made a purchase at either Currys PC World or Dixons Travel in the past year. Dixons Carphone Warehouse says it has contacted the banks but will not be contacting individual customers as it does not have their details.
- Details of 105,000 non-EU cards without chip and PIN. Again, these could have been held simply if a customer made a purchase at either Currys PC World or Dixons Travel in the past year. Dixons Carphone Warehouse is contacting card firms and customers.
- Non-financial records of 1.2 million customers. This is personal data submitted by customers, for example if they are a Currys PC World Know How customers who signed up to a support package. Dixons Carphone Warehouse is contacting these customers.
What should I do?
Dixons Carphone Warehouse says there has been no evidence of fraud as a result of the hack, but there are a few general tips below if you're worried:
- Regularly check your accounts. It's good practice to regularly keep an eye on your bank accounts and credit card statements. If you spot anything unusual contact your provider immediately.
- Watch out for scams. Be alert and watch out for potential scam emails or calls - don't simply assume they are genuine even if they look believable.
- Change your password. Dixons Carphone Warehouse doesn't think any passwords were taken, but if you're worried change your password, and change it on other sites where you have used the same one.
What does Dixons Carphone Warehouse say?
Chief executive Alex Baldock said: "We are extremely disappointed and sorry for any upset this may cause. The protection of our data has to be at the heart of our business, and we’ve fallen short here.
"We've taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.
"We are determined to put this right and are taking steps to do so. We promptly launched an investigation, engaged leading cyber security experts, added extra security measures to our systems and will be communicating directly with those affected. Cyber crime is a continual battle for business today and we are determined to tackle this fast-changing challenge."
The firms says it has informed the police, the Financial Conduct Authority and the Information Commissioner's Office.