Dixons Carphone reveals data breach affecting 5.9 million customers

GETTY    
   HACK Almost 6million Brits cards and data were compromised

GETTY HACK Almost 6million Brits cards and data were compromised

Dixons Carphone said it had immediately notified the relevant card companies so that they could protect customers. It also confirms it has informed the UK's data watchdog the ICO, financial conduct regulator the FCA, and the police.

The retailer said 5.8 million of the payment cards targeted were protected by chip and Pin, but that around 105,000 non-EU cards without chip and Pin protection were compromised. "We've taken action to close off this unauthorised access and though we have now no evidence of fraud as a result of these incidents, we are taking this extremely seriously", the CEO said.

The latest incident also potentially exposed the personal details of 1.2 million people (name, address, email address), leaving customers more exposed to potential phishing attacks as a result.

Again, the company said there was no evidence that the information had left its systems, and it is in the process of contacting those whose personal data was accessed to apologise and give them guidance on any protective steps they should take.

We are extremely disappointed and sorry for any upset this may cause.

"The protection of our data has to be at the heart of our business, and we've fallen short here", he said.

"We have taken action to close off this access and have no evidence it is continuing".

Baldock said the company had engaged cyber security experts to handle the matter and would be communicating directly with those customers affected. "Cyber crime is a continual battle for business today and we are determined to tackle this fast-changing challenge".

Shares in Dixons Carphone, which issued a profit warning last month, fell as much as 6.4 percent on Wednesday, taking year-on-year losses to 37 percent.

It goes on to offer the not-entirely-reassuring reassurance that it has "no evidence to date of any fraudulent use of the data as result of these incidents" before admitting the compromised information included (incomplete, in some cases) payment card data.