UK-based Carphone Warehouse is in deep trouble right now. In one of the biggest data breaches in recent years, more than two million customers of Carphone Warehouse may have had their names, addresses and back account details stolen by hackers. In what the company has described as a ‘sophisticated cyber attack’, encrypted credit card details of up to 90,000 customers may also have been compromised.
The company has admitted that it discovered the hack only on Wednesday which is two weeks after the cyber attack actually took place. Right now, The Metropolitan Police and The Information Commissioners’ Office are investigating the matter.
Right now, Carphone Warehouse is under harsh criticism from the customers as they are asking why the company is contacting them after three days of finding the attack and not right away on Wednesday. The company told the reporters that the reason it took them so long to tell about the attack is it took them 3 days time to identify the compromised accounts. If Carphone Warehouse is now found to have inadequate security provision for its customers by the investigators, it may well face a fine of up to 500,000 Euros.
The company is now contacting all of its customers who might have been affected by the attack to inform them of the breach via e-mail. This move is being criticized by many consumer groups as according to them many customers may not read the email over the weekend and the company should have sent compromised customers repeated text messages to make them aware.
If you have been affected by the attack, you can take the following measures:
- Alert the bank and credit card company
- Check your account for any suspicious transactions, change your password
- If you believe you are a victim of fraud, you may call Action Fraud at 0300 120 2040
The company has yet not told about who was behind the attack or where the attack came from. Carphone Warehouse said that it had taken additional security measures to protect its IT system and had a hired leading security-firm to investigate the attack.
Sebastian James, group chief executive of the parent company Dixons Carphone said in a statement:
“We take the security of customer data extremely seriously, and we are very sorry that people have been affected by this attack on our systems. We are, of course, informing anyone that may have been affected, and have put in place additional security measures.”
Carphone Warehouse had not yet decided if it will compensate customers or not. But the investigation is still going on and we have to wait to see what happens.