Sunday, August 09, 2015

Carphone Warehouse hacked. At least 2.4 million customers at risk

News has broken this weekend that the personal data, including bank account details, of some 2.4 million customers of the Carphone Warehouse may have been compromised following a breach that the mobile phone retail giant is calling "a sophisticated cyber-attack." The company also warns that encrypted credit card data of up to 90,000 customers may have been accessed during the breach. Scotland Yard and the Information Commissioner's Office have both been notified, along with a security outfit specialising in forensic examination of such attacks. However, the statement from Carphone Warehouse, released on Saturday, and revealing that the compromised personal details also include names, addresses and dates of birth also reveals that discovery of the attack took place on Wednesday: "On 5 August 2015 we discovered that the IT systems of three of our online UK businesses had been subject to a sophisticated cyber attack." This will no doubt leave many customers whose data has been exposed wondering why it took a further three days for the breach to be disclosed. Customers, it should be said, that extend further than just Carphone Warehouse itself. The official disclosure statement continues: "The three websites affected are, and These websites also provide a number of services related to mobile phone contracts to iD mobile, TalkTalk mobile, Talk mobile and Carphone Warehouse." Now, bear in mind that this means a further 480,000 TalkTalk Mobile customers could be impacted and I expect reports of the total number of potential victims here to rise in the coming days and weeks.