U.K. electronics retailer Dixons Carphone PLC said June 13 that hackers had gained access to data held by the company, and about 105,000 payment cards issued outside the European Union were compromised.
The company, which operates stores under the Currys PC World brand as well as Dixons Travel airport shops, said in a statement filed to the London Stock Exchange that it had notified relevant card companies via its payment provider so they could take measures to protect customers. The cards that were compromised did not have chip and PIN code protection.
Dixons Carphone added that it had no evidence of fraud on those cards as a result of the data breach.
An investigation by the London-based company indicated that there had been an attempt to compromise 5.9 million cards in one of the processing systems of Currys PC World and Dixons Travel stores. However, 5.8 million of those cards had chip and PIN protection, and the accessed data did not contain PIN codes, card verification values, or CVVs, or any other authentication data that would allow purchases to be made.
It also found that 1.2 million records containing nonfinancial personal data such as names, physical addresses or email addresses had been accessed, but the company said it had no evidence that the information had left its systems or resulted in any fraud "at this stage."
Dixons Carphone said it was contacting those whose nonfinancial personal data had been accessed to inform them of what happened and offer an apology as well as advice on protective steps to follow.
"We have taken action to close off this access and have no evidence it is continuing," Dixons Carphone said. "We have no evidence to date of any fraudulent use of the data as result of these incidents."
This is the latest example of hackers infiltrating a company's secure network to access consumers' data. Bank of Montreal and Canadian Imperial Bank of Commerce's Simplii Financial were targeted in May by hackers who reportedly demanded a ransom after accessing customer data. In March, sports apparel company Under Armour Inc. disclosed that hackers accessed the information of about 150 million users of its online fitness and nutrition website and app MyFitnessPal.
The breach at Dixons Carphone was discovered as part of a review of systems and data, the company said. It did not indicate when the breach occurred but said an investigation was promptly launched and that it had also engaged leading cybersecurity experts and added extra security measures to systems.
The company also noted that the Information Commissioner's Office, Financial Conduct Authority and local police had been informed in the U.K.
"We are extremely disappointed and sorry for any upset this may cause," Dixons Carphone CEO Alex Baldock said in a statement. "The protection of our data has to be at the heart of our business, and we've fallen short here. We've taken action to close off this unauthorized access, and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously."
In early morning trading in London, Dixons Carphone shares were down 8.2 pence, or 4.2%, at 189.55 pence.