Dixons Carphone, one of the largest consumer electronics and telecommunication retailers in Europe, has announced that a breach that happened in June affected around 10 million customers.
This is a bit of quantum leap from the initial estimate of 1.2 million people affected by the breach.
The company, which owns Carphone Warehouse and Currys PC World, said that no bank details, including pin codes, card verification values and authentication data used to make purchases, were taken and that there's no evidence any fraud had resulted from the security breach. Yet.
It added that the hackers may have accessed personal information of its affected customers including their names, addresses and email addresses last year.
The hackers also gained access to 5.9 million payments cards used at Currys PC World and Dixons Travel, but nearly all of those cards were protected by the chip-and-pin system.
Millions of raised eyebrows
The company’s CEO Alex Baldock, said: "We're disappointed in having fallen short here, and very sorry for any distress we've caused our customers. I want to assure them that we remain fully committed to making their personal data safe with us."
Of course there may well be several million raised eyebrows at this statement given that these contrite after-the-event missives are now as common as flailing Brexit politicians.
Baldock only took up the role in April and surely must be having second, third, fourth and fifth thoughts.
The company said it is communicating with all of its customers to apologise and advise them of protective steps to minimise the risk of fraud while continuing to keep the relevant authorities updated.
In this case the ‘relevant authorities will be the Information Commissioner’s Office who will surely be looking on with a concerned frown.
There is no indication as to how the hack happened but given the past evidence of other breaches we wouldn’t bet against it being a basic flaw.
Look out for yourself
In 2015 Dixons Carphone was hit by a data breach hit which affected three million customers.
Given the ubiquitous commonality of these events we’ve become almost tired of saying you can’t rely on others to protect your sensitive data and we should take steps to safeguard our own data.
But it’s true.