UK retailer Dixons Carphone has issued an update into its data breach investigation – and has said approximately 10 million records containing personal data may have been accessed.
The company announced on June 13 that, following a review of its systems security, it had found unauthorised access in the past to some of its data.
Since then, the company says it has been putting further security measures in place to safeguard customer information, increased its investment in cybersecurity and added additional controls.
In an updated statement, the company said its investigation, which is now nearing completion, had identified that approximately 10 million records containing personal data may have been accessed in 2017.
“While there is now evidence that some of this data may have left our systems, these records do not contain payment card or bank account details and there is no evidence that any fraud has resulted,” the statement said.
“We are continuing to keep the relevant authorities updated. As a precaution, we are choosing to communicate to all of our customers to apologise and advise them of protective steps to minimise the risk of fraud.”
It said it had taken action to close off this access and has no evidence it is continuing. We continue to make improvements and investments at pace to our security environment through enhanced controls, monitoring and testing.
Dixons Carphone Chief Executive Alex Baldock said: “Since our data security review uncovered last year’s breach, we’ve been working around the clock to put it right. That’s included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we’re updating on today.
“As a precaution, we’re now also contacting all our customers to apologise and advise on the steps they can take to protect themselves. Again, we’re disappointed in having fallen short here, and very sorry for any distress we’ve caused our customers. I want to assure them that we remain fully committed to making their personal data safe with us.”