Dixons Carphone – The Latest Victims of a Cyber Attack
Dixons Carphone – the latest data attack
The headlines are once again full of news about another company falling foul of a massive data breach. Dixons Carphone revealed that 5.9 million customer bank card details and 1.2 million personal data records, including names, addresses and email information, had been accessed by cyber criminals. Customers of Currys, PC World and Dixons Travel stores in airports had their data accessed by hackers – Carphone Warehouse sales were not affected.
It took nearly a year for the parent company to realise its error, which only came up during a review of the company’s systems. The breach therefore happened before GDPR came into effect, so the maximum fine Dixons Carphone could face is £500,000 rather than £20 million or 4% of their annual turnover – whichever is greater. However, this does not take away from the severity of the issue.
In addition, this isn’t the first time that Dixons Carphone has suffered a cyber attack. It was hit by hackers in 2015, in an attack which affected the personal data of three million customers. The company told the ICO at the time that ‘additional security measures had been put in place’ after handing over a £400,000 fine. This raises the question of how this latest attack came about, which will no doubt form a large part of the inquiry that will soon follow.
Although Dixons Carphone is the subject of the latest attack, the incident is indicative of the wider increase in business-related cyber crime. Official statistics out earlier this year revealed a 145% rise in computer malware, specifically ransomware, DDoS and Trojans. Companies are increasingly becoming targets because consumer cyber security has increased.
It will come as no surprise that this has impacted on the company’s financial performance. Dixons Carphone is expected to suffer a 23% drop in pre-tax profits. The company already announced last month that it is closing 92 of its 700 stores. However, this largely reflects a broad shift away from the high street and changing buying habits for electrical goods rather than the company’s specific performance.
The majority of the hacked card details – 5.8 million – were protected by chip-and-PIN, so they cannot be used without further details, such as the three-digit security code or expiry date. However, 105,000 cards outside the EU without chip-and-PIN were compromised too. Affected customers will be given an apology and advice on how to be vigilant to suspicious activity on their accounts. This is highly unlikely to do enough to allay people’s fears or undo the damage to trust in the company.
Lessons to be learnt by Dixons Carphone
This is not a standalone case. Cyber crime was the second most reported crime worldwide in 2016. Details are yet to be revealed on how the Dixons Carphone cyber attack came about, so we can’t speculate too much at this stage. However, one factor which is already fuelling the debate is how such a breach was left undetected in the run-up to the implementation of GDPR. That run-up should have put a company’s data protection policies and practices under a microscope if they weren’t already.
Incidents like this act as a strong reminder that you cannot be too careful when it comes to cybersecurity and data protection. Research found that 43% of cyber attacks worldwide have specifically targeted small companies. Dixons Carphone has said that the incident was very sophisticated and used ‘advanced malware’ to infiltrate their systems. Sadly, it is almost impossible to totally prevent being a victim of a cyber attack. But there are several steps you can take which will significantly reduce the risk:
- Install firewalls and anti-virus software and ensure they are kept up-to-date.
- Regularly change your passwords, use different ones across different devices or accounts and make them difficult to guess.
- Carefully control who has access to data both within and outside of your company.
- Back everything up both online and offline.
- Finance, insurance and real estate firms have the highest email malware rate, with one in every 182 emails delivering an attempted hack. So, keep your staff in the know on what to look out for.
- Stay up to date with everything from legislation to software to expert advice on data.
- Consider outsourcing your IT to ensure your data is kept as safe and secure as possible.