Cable Forum

Cable Forum (https://www.cableforum.uk/board/index.php)
-   Current Affairs (https://www.cableforum.uk/board/forumdisplay.php?f=20)
-   -   Dixons Carphone data breach (https://www.cableforum.uk/board/showthread.php?t=33706476)

Hugh 13-06-2018 08:51

Dixons Carphone data breach
 
Just been mentioned on BBC TV news that Dixons Carphone have announced they have had a data breach, with up to 6 million payment card details taken.

Link to follow when more info is available.

Update- apparently two separate incidents in the last year in "data hacks".

1st - 6 million card details taken

2nd - 1 million personal details (name and address, etc) taken.

https://www.bbc.co.uk/news/business-44465331
Quote:

Dixons Carphone has admitted a huge data breach involving 5.9 million payment cards and 1.2 million personal data records.

It has begun investigating the hacking attempt, which it said happened in the past year.

Dixons Carphone said it had no evidence that any of the cards had been used fraudulently following the breach.

It said 5.8 million of the credit and debit cards had chip-and-pin protection and that pin codes had not leaked.

As a result, about 105,000 non-EU cards, which were not chip-and-pin, had been compromised, it said.

The hackers had tried to gain access to one of the processing systems of Currys PC World and Dixons Travel stores, the firm said.

Dixons Carphone chief executive Alex Baldock said it was "extremely disappointed" by the data breach and "sorry for any upset",

"The protection of our data has to be at the heart of our business, and we've fallen short here.

"We've taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously," he added.

denphone 13-06-2018 09:05

Re: Carphone Warehouse data breach
 
So much for all the big promises of our data being securely protected.:(

OLD BOY 13-06-2018 09:28

Re: Carphone Warehouse data breach
 
Quote:

Originally Posted by denphone (Post 35950359)
So much for all the big promises of our data being securely protected.:(

Well, the highly bureaucratic GDPR only came into force last month, Den.

---------- Post added at 08:28 ---------- Previous post was at 08:20 ----------

Quote:

Originally Posted by Hugh (Post 35950356)
Just been mentioned on BBC TV news that Dixons Carphone have announced they have had a data breach, with up to 6 million payment card details taken.

Link to follow when more info is available.

Update- apparently two separate incidents in the last year in "data hacks".

1st - 6 million card details taken

2nd - 1 million personal details (name and address, etc) taken.

https://www.bbc.co.uk/news/business-44465331

I bought a phone from them a few years ago and later that same day I had someone contact me alleging they were from Carphone Warehouse saying that they had a better deal on the insurance than I had been offered. They made a point of telling me what phone I had bought (they said this several times) and read out to me some of my personal details, all designed to reassure me they were who they said they were. Then they asked for my date of birth and my mother's maiden name, at which point the strangeness of the whole conversation dawned on me. It was clearly a scam and I terminated the call.

The fact that these people had all these details about my purchase indicated to me that this was an inside job, although it could have been a hack. I was unnerved enough by this experience to vow never to use them again, and I have used Virgin Mobile ever since.

My point in relating this is I think Carphone Warehouse may have had security issues for some years and the problem is worse than it would first appear.

Mythica 13-06-2018 10:29

Re: Carphone Warehouse data breach
 
Quote:

Originally Posted by OLD BOY (Post 35950361)
Well, the highly bureaucratic GDPR only came into force last month, Den.

---------- Post added at 08:28 ---------- Previous post was at 08:20 ----------



I bought a phone from them a few years ago and later that same day I had someone contact me alleging they were from Carphone Warehouse saying that they had a better deal on the insurance than I had been offered. They made a point of telling me what phone I had bought (they said this several times) and read out to me some of my personal details, all designed to reassure me they were who they said they were. Then they asked for my date of birth and my mother's maiden name, at which point the strangeness of the whole conversation dawned on me. It was clearly a scam and I terminated the call.

The fact that these people had all these details about my purchase indicated to me that this was an inside job, although it could have been a hack. I was unnerved enough by this experience to vow never to use them again, and I have used Virgin Mobile ever since.

My point in relating this is I think Carphone Warehouse may have had security issues for some years and the problem is worse than it would first appear.

It was likely not a scam and some part of CPW offering deals.

OLD BOY 14-06-2018 17:46

Re: Carphone Warehouse data breach
 
Quote:

Originally Posted by Mythica (Post 35950368)
It was likely not a scam and some part of CPW offering deals.

Asking for my date of birth and mother's maiden name? I don't think so!

Mythica 14-06-2018 20:24

Re: Carphone Warehouse data breach
 
Quote:

Originally Posted by OLD BOY (Post 35950531)
Asking for my date of birth and mother's maiden name? I don't think so!

You'd be surprised.

Chloé Palmas 14-06-2018 21:08

Re: Dixons Carphone data breach
 
Usually most companies do ask for some verification that it is you - did their number show that it was CWH or was it private / unknown?

You could have told them that you were going to call back their automated service and get through to them with verification that you dialed the correct number for them.

Though it is a pain going through it from scratch - some places are an absolute pain and it takes forever to get through.

OLD BOY 15-06-2018 00:47

Re: Dixons Carphone data breach
 
Quote:

Originally Posted by Chloé Palmas (Post 35950566)
Usually most companies do ask for some verification that it is you - did their number show that it was CWH or was it private / unknown?

You could have told them that you were going to call back their automated service and get through to them with verification that you dialed the correct number for them.

Though it is a pain going through it from scratch - some places are an absolute pain and it takes forever to get through.

You NEVER give your date of birth and mother's maiden name when you get an unsolicited call, for heaven's sake! How long does it take to get that message through?

Chloé Palmas 15-06-2018 01:16

Re: Dixons Carphone data breach
 
Which part of "you could call them back on a verified line" to make sure that it was them did you not get?

Also, if they ask for no verification then it is likely not a legitimate call, either. For all they know, they could be talking to anyone.

OLD BOY 16-06-2018 14:50

Re: Dixons Carphone data breach
 
Quote:

Originally Posted by Chloé Palmas (Post 35950601)
Which part of "you could call them back on a verified line" to make sure that it was them did you not get?

Also, if they ask for no verification then it is likely not a legitimate call, either. For all they know, they could be talking to anyone.

There was no point. It was clearly a scam. The request for my date of birth and mother's maiden name was a dead giveaway. No reputable company would cold call you and ask for that information.

Mr K 16-06-2018 14:58

Re: Dixons Carphone data breach
 
Quote:

Originally Posted by Chloé Palmas (Post 35950601)
Which part of "you could call them back on a verified line" to make sure that it was them did you not get?

Also, if they ask for no verification then it is likely not a legitimate call, either. For all they know, they could be talking to anyone.

And if they don't hang up, you could get through to exactly same scam people. Don't answer the phone is my advice, it's usually the Mother-in-law anyway. ;)
Caller ID will made free to everyone this year which will help.

heero_yuy 16-06-2018 16:50

Re: Dixons Carphone data breach
 
Quote:

Quote from Mr K:

And if they don't hang up, you could get through to exactly same scam people.
IIRC that's going to change shortly and the caller will only be able to hold the line for a second or two after the recipient hangs up. This is specifically to stop that scam.

Mythica 16-06-2018 20:06

Re: Dixons Carphone data breach
 
Quote:

Originally Posted by OLD BOY (Post 35950801)
There was no point. It was clearly a scam. The request for my date of birth and mother's maiden name was a dead giveaway. No reputable company would cold call you and ask for that information.

The best thing to do is Google the number. There will be plenty of people saying scam, scam, scam. If you carry on reading you'll then find it was some kind of company in partnership or something similar with the likes of EE or Carphone Warehouse trying to sell upgrades or insurance.

OLD BOY 17-06-2018 17:45

Re: Dixons Carphone data breach
 
Quote:

Originally Posted by Mythica (Post 35950838)
The best thing to do is Google the number. There will be plenty of people saying scam, scam, scam. If you carry on reading you'll then find it was some kind of company in partnership or something similar with the likes of EE or Carphone Warehouse trying to sell upgrades or insurance.

Mythica, they would never ask for your mother's maiden name if it wasn't a scam, that was my point.

Chloé Palmas 24-06-2018 16:45

Re: Dixons Carphone data breach
 
If they ask "for security, can you please confirm..." and the question is "your mother's maiden name?" they absolutely do use that line of questioning for other companies. If it is the security question then you absolutely can and would be asked that, irrespective of company.

Now there are questions that I have set (involving lingerie for example) that only I would know that I only ever set - if they ask that they either have hacked into the central system of the company that I either set it with, or they are who they claim to be.

If they preface it with "the reason we need to talk to you" and I know that to be legitimate and they also say "but first we need to verify security" and I can tell that it is a legitimate number they are calling for it is entirely likely that it is a legitimate call and not a scam. But those variables will be down to you to figure out at the time. If you can think on your feet, you should be fine.


All times are GMT +1. The time now is 10:32.

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.