British mobile phone retailer, Carphone Warehouse, which has over 2,400 stores across Europe, has been hacked. The personal data of up to 2.4 million customers was compromised — and worse — when a “sophisticated cyberattack” breached IT systems at one of its divisions in the United Kingdom.
Specifically, the division that operates OneStopPhoneShop.com, e2save.com and Mobiles.co.uk — and offers services to TalkTalk Mobile, iD Mobile and Talk Mobile, as well as certain customers of Carphone Warehouse — was hacked.
Carphone Warehouse said it took “immediate action” to secure the systems and has launched an investigation with a top cybersecurity firm to ascertain the actual breadth of the breach. Meanwhile, the company has launched new security measures to stop more attacks.
90,000 Credit Cards also Hit
“Our investigation has indicated that personal data, which may include name, address, date of birth and bank details of up to 2.4 million customers, may have been accessed,” the company said in a statement. “Encrypted credit card data of up to 90,000 customers may also have been accessed.”
Carphone Warehouse and its partners are contacting customers who may have been affected to give them the bad news and offer advice to help them minimize both the personal risk and inconveniences associated with a breach. The company also made it clear that data of Currys and PCWorld — and the vast majority of Carphone Warehouse customer data — is held on separate systems that was not compromised in the security incident.
“Someone having access to your personal information or bank account details does not necessarily mean you have been a victim of identity theft or that your information will be used to commit fraud,” the company said in a statement. “We recommend that you take the appropriate steps to protect yourself, such as closely reviewing account statements for suspicious activity.”
What Makes This Different?
We caught up with Tim Erlin, director of IT security and risk strategy for advanced threat detection firm Tripwire, to get his thoughts on the Carphone Warehouse breach. He told us there’s something different about this one that’s worth noting. Indeed, it’s different than the Target, Home Depot, Neiman Marcus and other security incidents that have made headlines in recent years.
“Unlike some of the other retail breaches of late, this one was discovered internally by Carphone Warehouse, and disclosed publically only a few days after discovery. That’s an improvement over breaches that were discovered through credit card fraud and kept undisclosed for longer periods of time,” Erlin said.
“It appears that 90,000 of the 2.4 million affected customers may have had their credit card data accessed, though it was encrypted,” he added. “The limited number of credit cards affected should also limit the impact of the breach itself.”
