Cyberattack on UK's Carphone Warehouse leaves up to 2.4 million customers at risk

midian182


UK-based mobile device retail giant Carphone Warehouse has admitted that up to 2.4 million of its customers may have had their names, addresses and bank account details stolen by hackers in one of the largest and most sophisticated cyberattacks ever to have taken place in the country.

Carphone Warehouse released a statement saying that its websites and internet services were compromised by hackers during the “sophisticated cyberattack”, which took place almost two weeks before the company learned of it on Wednesday.

Three of the retailer’s online businesses which provide services related to mobile contracts were breached. The hackers may have accessed the encrypted credit card data of up to 90,000 customers, according to the statement.

Carphone Warehouse claims the “vast majority” of its customers have not been affected by the hack, as their details are held on separate systems which were not accessed during the attack. It added that it is in the process of contacting those impacted with advice on additional steps to take. The company has been heavily criticized for waiting three days after it learned of the breach before it started notifying customers.

“We are, of course, informing anyone that may have been affected [...] We take the security of customer data extremely seriously, and we are very sorry that people have been affected by this attack on our systems,” said Sebastian James, group chief executive of Dixons Carphone in a statement.

The company said it has now implemented additional IT measures to prevent such attacks in the future, and that it has also hired a cyber security firm to investigate how the breach took place.

Carphone Warehouse now risks being fined $773,000 by the Information Commissioner's Office (ICO) if it is found to have provided inadequate protection for its customers. Sony was fined $386,000 in 2013 by the data watchdog for a breach that compromised the personal information of millions of PlayStation Network users.


"We take the security of customer data extremely seriously" seems to be the de facto statement all these saps make once they've been hacked. No doubt it'll be proven that their cyber security was somewhat lacking.

How does this always happen to big companies? Do they not have an antivirus installed? Does some ***** click on stupid ads while browsing the web? Are they using Internet Explorer? All serious questions.

> How does this always happen to big companies? Do they not have an antivirus installed? Does some ***** click on stupid ads while browsing the web? Are they using Internet Explorer? All serious questions.

We are all humans, and humans are prone to error. Whether that be intentional laziness or a sophisticated intruder in this case - we don't know. Either way, it's not much of a surprise.

And the last, and most important, concept to remember is that everyone is vulnerable to getting hacked - absolutely everyone. There will always be someone better than you, who catches something/finds a vulnerability that you won't. In the security firm business, we mitigate network compromises, because it's impossible and unrealistic to hold the stereotypical castle-wall 'invulnerability' mindset.

> How does this always happen to big companies? Do they not have an antivirus installed? Does some ***** click on stupid ads while browsing the web? Are they using Internet Explorer? All serious questions.
>
> We are all humans, and humans are prone to error. Whether that be intentional laziness or a sophisticated intruder in this case - we don't know. Either way, it's not much of a surprise.
>
> And the last, and most important, concept to remember is that everyone is vulnerable to getting hacked - absolutely everyone. There will always be someone better than you, who catches something/finds a vulnerability that you won't. In the security firm business, we mitigate network compromises, because it's impossible and unrealistic to hold the stereotypical castle-wall 'invulnerability' mindset.

True and not true. A company that actively seeks to store my personal data without really needing it and claims to have such ultra-secure practices (e.g. LifeLock, LastPass, and a ton of other companies and industries where businesses/agencies have been hacked... <cough>OPM<cough>) is responsible. Playing the "I'm only human" card only goes so far.

> True and not true. A company that actively seeks to store my personal data without really needing it and claims to have such ultra-secure practices (e.g. LifeLock, LastPass, and a ton of other companies and industries where businesses/agencies have been hacked... <cough>OPM<cough>) is responsible. Playing the "I'm only human" card only goes so far.

You're correct that despite human error, each company/organization IS solely responsible for itself being compromised - regardless of how the error occurred. I was breaking down the 'why', not so much the 'how' they can be compromised.

Playing the 'human' card doesn't work at all. That being said, the 'big companies' that are being compromised are so vulnerable because they are big companies. More data to lose, more systems to simultaneously attempt to secure, a larger margin for error.