20.5k unique visitors in the last 3 days

Carphone Warehouse Data Breach Affects 2.4m

The British mobile phone retailer discovered the cyber attack on 5th August but took several days to warn customers.

British mobile phone retailer Carphone Warehouse (CPW) has written to 2.4m customers to advise them of the consequences of a data breach. The letter states that CPW discovered the cyber attack on 5th August, and that it was targeted at three of their online businesses. Personal data was compromised, including names, addresses, bank and credit card details.

The affected websites are onestopphoneshop.com, e2save.com, and mobiles.co.uk. At time of writing, it appears that all these sites have been taken down.

Carphone Warehouse merged with electrical retailer Dixons last year, in a deal worth GBP3.8bn (USD5.4bn). They operate over 3,000 stores and have combined sales worth over GBP10bn (USD15bn). However, they do not believe that the data of any other customers has been accessed.

Sebastian James, Chief Executive of Dixons Carphone, issued the usual post-breach apologies to the media. It becomes increasingly hard to understand why executives bother to mitigate the reputation damage for this kind of repeated failure. Surely everybody now believes that every business is irresponsible with data. The usual stock phrases were offered by James, including: ‘we have put in place additional security measures’, and ‘we take security extremely seriously’, and ‘we are very sorry’. Cyber attacks on business are increasingly common, and increasingly prominent. If they keep happening to businesses that take security ‘extremely’ seriously, the only sensible riposte is that businesses should stop being so complacent and start taking security ‘extremely extremely’ seriously.

Like many other businesses who found themselves in a similar situation, Dixons Carphone are so very sorry that if you happen to be a worried customer, you will learn literally nothing about the breach by visiting any of the corporation’s websites or social media accounts. To find out what happened, you need to go to a news outlet instead; I struggle to understand how this will improve confidence in a tarnished supplier. And if you were one of the people who suffered a loss because your credit card details had been compromised, you might wonder why it took several days to be informed of the breach.

This is the second time this year that a company chaired by Charles Dunstone, founder of Carphone Warehouse, has revealed it was hacked for personal data. TalkTalk, the communications provider, admitted it suffered a data breach which led customers to be plagued by scams. TalkTalk started in 2003 as a subsidiary of Carphone Warehouse, and was demerged in 2010.

Ho hum… another breach in the world of big business, and more platitudes spouted by a CEO who is indifferent to the distress caused to customers because of his organization’s failure to implement adequate security. The sad truth is that this is barely a news story any more. We are approaching the point where it is not necessary to write a separate post for every major data breach. We could write the same text for every breach and leave it permanently on the front page of Commsrisk, just occasionally changing the name of the business and the number of innocent individuals who have suffered as a result.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email