British electronics retailer Dixons Carphone admitted a huge data breach on Wednesday involving 5.9 million payment cards and 1.2 million personal data records.
The company discovered its systems were first breached in July 2017 and has been investigating the issue, it said in a press release.
During the course of its investigation, Dixons Carphone discovered an attempt to compromise 5.9 million cards in one of the processing systems of Currys PC World and Dixons Travel stores, but 5.8 million of the cards are protected by chip and PIN, the company said.
The investigation also revealed that 1.2 million records containing non-financial personal data, such as name, address or email address, had been accessed by hackers. Dixons Carphone is contacting affected customers to inform them and apologise individually.
The retailer has discovered no evidence of fraud, but has passed details of the other 105,000 non-EU issued cards affected to the relevant card companies. The Information Commissioner, the Financial Conduct Authority and the police have also been informed.
Dixons Carphone CEO Alex Baldock issued an apology for the upset caused in a statement, saying:
“The protection of our data has to be at the heart of our business, and we’ve fallen short here. We’ve taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously. We are determined to put this right and are taking steps to do so; we promptly launched an investigation, engaged leading cyber security experts, added extra security measures to our systems and will be communicating directly with those affected.”