Customers Angry Carphone Hack Kept 'Secret'

Customers Angry Carphone Hack Kept ‘Secret’

Posted: Aug 09, 2015
By: Julian Peter
Comments: 0

Some customers say they should have been informed of a huge hack when it was first discovered on Wednesday, not three days later.

Carphone Warehouse customers are asking why the company took three days to inform them of a data breach that may have compromised the personal details of up to 2.4 million people.

Users took to Twitter to vent their frustration that customers were not immediately made aware when the breach was first discovered on Wednesday.

“How timely of carphone warehouse to delay announcement of hacking to weekend when banking services are most difficult to contact,” Menna Flavell tweeted.

Mahesh Nair asked why the company “decided that it was OK to tell customers about the hack three days later?”

Carphone Warehouse has called the cyber attack “sophisticated”, saying it was stopped “straight away” after its own systems discovered it on Wednesday afternoon. It is believed to have happened in the two weeks before then.

News of the hack emerged on Saturday.

Technology expert Tom Cheesewright told BBC Breakfast that the firm may have been trying to assess the level of damage before making the announcement.

The attack affects the division which operates OneStopPhoneShop.com, e2save.com and Mobiles.co.uk – and also provides services to TalkTalk Mobile, Talk Mobile and iD Mobile customers.

In a statement, Dixons Carphone said it was aiming to contact all 2.4 million customers affected by the hack.

According to the retailer’s parent company, Dixons Carphone, the encrypted card data of up to 90,000 customers may also have been accessed.

Customers are being urged to change their online passwords, amid fears that fraudsters will exploit the breach.

Get Safe Online, a government security service, has described the cyberattack as “hugely concerning” – and is warning that criminals may make phone calls and emails purporting to be from Carphone Warehouse, in a bid to trick those affected into sharing even more sensitive information.

The initiative’s chief executive, Tony Neate, said: “With the stolen data potentially including names, addresses and dates of birth, hackers could also gain access to your other online accounts if you are using any of this information for your passwords.

“If this is you, now is the time to give your passwords an overhaul – think of something unpredictable and different for every account.”

Dixons Carphone chief executive Sebastian James has apologised for the incident and said “additional security measures” have been put in place by the company.

“We take the security of customer data extremely seriously, and we are very sorry people have been affected by the attack on our systems,” he said.

A letter sent to customers of Mobiles.co.uk has recommended customers to notify banks and credit card companies that they have been affected by the hack, allowing them to monitor accounts for unusual activity.

It also advised consumers to check their credit rating to make sure no one has taken loans or credit in their name.Meanwhile, the UK’s data watchdog, the Information Commissioner’s Office, has said it is “making inquiries” into the incident.

The Carphone Warehouse data breach is just the latest in a series of high-profile organisations to have the personal data of customers accessed by hackers.

Others that have been hit recently include Sony, Adult Friend Finder, Ashley Madison, eBay, and the US Office of Personnel Management