Dixons Carphone has today admitted that a large data breach has affected 1.2 million personal data records and 5.9 million payment cards. Are you aware of your rights?
More and more major companies are suffering data leaks and breaches – just last year we saw the largest in history with three billion Yahoo accounts affected.
Implicated companies get fined, but affected customers often get little or no redress. That’s why we’ve previously called on the government to amend the Data Protection Bill.
Hacking attempt
Dixons Carphone has said that the breach follows a hacking attempt to compromise 5.9 million cards in one of the processing systems it uses in its Currys PC World and Dixons Travel stores. It has informed the ICO, FCA and the Police.
The company has also stated that there is no evidence that any of the cards had been used fraudulently following the breach.
Personal data has also been accessed, including names, home addresses and email addresses, but again Dixons Carphone said that there’s no evidence at this stage that the information has left its systems, or resulted in any fraud.
Your rights
When a serious data breach occurs, companies are obligated under GDPR to tell you without undue delay.
The first thing we’d recommend doing is taking your own steps to secure your data; change your passwords and keep an eye on your bank accounts.
If your data is lost and it causes you financial damage or distress, you may be able to claim compensation. We’ve put together the steps you need to take in our consumer rights guide to data breaches.
With data breaches becoming more common than anyone would like, we want to see companies being held to account. The government should be giving independent bodies the power to seek collective redress on behalf of affected customers when a company has failed to meet its data protection obligations.
Do you agree that the government should step in to ensure that people get the support and compensation they’re entitled to? Have you been affected by data breaches in the past? Let us know your views.
Update: 31/07/2018
Dixons has admitted that some 10m personal data records might have been affected by the data breach after further investigation.
When it first announced the breach in June, Dixons Carphone, who owns Carephone Warehouse and Currys PC World, said that most of the cards involved in the hack hadn’t been compromised. But 105,000 cards that had been issued outside the EU and didn’t have chip and Pin protection had been compromised. Dixons Carphone explained:
“While there is now evidence that some of this data may have left our systems, these records do not contain payment card or bank account details, and there is no evidence that any fraud has resulted”