Dixons Carphone data breach
13-06-2018, 07:51
|
#1
|
laeva recumbens anguis
Cable Forum Team
Join Date: Jun 2006
Age: 67
Services: Premiere Collection
Posts: 42,099
|
Dixons Carphone data breach
Just been mentioned on BBC TV news that Dixons Carphone have announced they have had a data breach, with up to 6 million payment card details taken.
Link to follow when more info is available.
Update- apparently two separate incidents in the last year in "data hacks".
1st - 6 million card details taken
2nd - 1 million personal details (name and address, etc) taken.
https://www.bbc.co.uk/news/business-44465331
Quote:
Dixons Carphone has admitted a huge data breach involving 5.9 million payment cards and 1.2 million personal data records.
It has begun investigating the hacking attempt, which it said happened in the past year.
Dixons Carphone said it had no evidence that any of the cards had been used fraudulently following the breach.
It said 5.8 million of the credit and debit cards had chip-and-pin protection and that pin codes had not leaked.
As a result, about 105,000 non-EU cards, which were not chip-and-pin, had been compromised, it said.
The hackers had tried to gain access to one of the processing systems of Currys PC World and Dixons Travel stores, the firm said.
Dixons Carphone chief executive Alex Baldock said it was "extremely disappointed" by the data breach and "sorry for any upset",
"The protection of our data has to be at the heart of our business, and we've fallen short here.
"We've taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously," he added.
|
__________________
There is always light.
If only we’re brave enough to see it.
If only we’re brave enough to be it.
If my post is in bold and this colour, it's a Moderator Request.
Last edited by Hugh; 13-06-2018 at 08:10.
|
|
|
13-06-2018, 08:05
|
#2
|
Still alive and fighting
Join Date: Jun 2007
Location: In the land of beyond and beyond.
Services: XL BB, 3 360 boxes , XL TV.
Posts: 56,308
|
Re: Carphone Warehouse data breach
So much for all the big promises of our data being securely protected.
__________________
“The only lesson you can learn from history is that it repeats itself”
|
|
|
13-06-2018, 08:28
|
#3
|
Rise above the players
Join Date: Mar 2008
Location: Wokingham
Services: 2 V6 boxes with 360 software, Now, ITVX, Amazon, Netflix, Lionsgate+, Apple+, Disney+, Paramount +,
Posts: 14,589
|
Re: Carphone Warehouse data breach
Quote:
Originally Posted by denphone
So much for all the big promises of our data being securely protected.
|
Well, the highly bureaucratic GDPR only came into force last month, Den.
---------- Post added at 08:28 ---------- Previous post was at 08:20 ----------
Quote:
Originally Posted by Hugh
Just been mentioned on BBC TV news that Dixons Carphone have announced they have had a data breach, with up to 6 million payment card details taken.
Link to follow when more info is available.
Update- apparently two separate incidents in the last year in "data hacks".
1st - 6 million card details taken
2nd - 1 million personal details (name and address, etc) taken.
https://www.bbc.co.uk/news/business-44465331
|
I bought a phone from them a few years ago and later that same day I had someone contact me alleging they were from Carphone Warehouse saying that they had a better deal on the insurance than I had been offered. They made a point of telling me what phone I had bought (they said this several times) and read out to me some of my personal details, all designed to reassure me they were who they said they were. Then they asked for my date of birth and my mother's maiden name, at which point the strangeness of the whole conversation dawned on me. It was clearly a scam and I terminated the call.
The fact that these people had all these details about my purchase indicated to me that this was an inside job, although it could have been a hack. I was unnerved enough by this experience to vow never to use them again, and I have used Virgin Mobile ever since.
My point in relating this is I think Carphone Warehouse may have had security issues for some years and the problem is worse than it would first appear.
|
|
|
13-06-2018, 09:29
|
#4
|
cf.geek
Join Date: Dec 2013
Posts: 956
|
Re: Carphone Warehouse data breach
Quote:
Originally Posted by OLD BOY
Well, the highly bureaucratic GDPR only came into force last month, Den.
---------- Post added at 08:28 ---------- Previous post was at 08:20 ----------
I bought a phone from them a few years ago and later that same day I had someone contact me alleging they were from Carphone Warehouse saying that they had a better deal on the insurance than I had been offered. They made a point of telling me what phone I had bought (they said this several times) and read out to me some of my personal details, all designed to reassure me they were who they said they were. Then they asked for my date of birth and my mother's maiden name, at which point the strangeness of the whole conversation dawned on me. It was clearly a scam and I terminated the call.
The fact that these people had all these details about my purchase indicated to me that this was an inside job, although it could have been a hack. I was unnerved enough by this experience to vow never to use them again, and I have used Virgin Mobile ever since.
My point in relating this is I think Carphone Warehouse may have had security issues for some years and the problem is worse than it would first appear.
|
It was likely not a scam and some part of CPW offering deals.
|
|
|
14-06-2018, 16:46
|
#5
|
Rise above the players
Join Date: Mar 2008
Location: Wokingham
Services: 2 V6 boxes with 360 software, Now, ITVX, Amazon, Netflix, Lionsgate+, Apple+, Disney+, Paramount +,
Posts: 14,589
|
Re: Carphone Warehouse data breach
Quote:
Originally Posted by Mythica
It was likely not a scam and some part of CPW offering deals.
|
Asking for my date of birth and mother's maiden name? I don't think so!
|
|
|
14-06-2018, 19:24
|
#6
|
cf.geek
Join Date: Dec 2013
Posts: 956
|
Re: Carphone Warehouse data breach
Quote:
Originally Posted by OLD BOY
Asking for my date of birth and mother's maiden name? I don't think so!
|
You'd be surprised.
|
|
|
14-06-2018, 20:08
|
#7
|
Inactive
Join Date: May 2018
Location: Surrey
Services: Sky HD (2 TB / 1.5 TB MultiRoom)
Sky Fiber Max
Posts: 510
|
Re: Dixons Carphone data breach
Usually most companies do ask for some verification that it is you - did their number show that it was CWH or was it private / unknown?
You could have told them that you were going to call back their automated service and get through to them with verification that you dialed the correct number for them.
Though it is a pain going through it from scratch - some places are an absolute pain and it takes forever to get through.
|
|
|
14-06-2018, 23:47
|
#8
|
Rise above the players
Join Date: Mar 2008
Location: Wokingham
Services: 2 V6 boxes with 360 software, Now, ITVX, Amazon, Netflix, Lionsgate+, Apple+, Disney+, Paramount +,
Posts: 14,589
|
Re: Dixons Carphone data breach
Quote:
Originally Posted by Chloé Palmas
Usually most companies do ask for some verification that it is you - did their number show that it was CWH or was it private / unknown?
You could have told them that you were going to call back their automated service and get through to them with verification that you dialed the correct number for them.
Though it is a pain going through it from scratch - some places are an absolute pain and it takes forever to get through.
|
You NEVER give your date of birth and mother's maiden name when you get an unsolicited call, for heaven's sake! How long does it take to get that message through?
|
|
|
15-06-2018, 00:16
|
#9
|
Inactive
Join Date: May 2018
Location: Surrey
Services: Sky HD (2 TB / 1.5 TB MultiRoom)
Sky Fiber Max
Posts: 510
|
Re: Dixons Carphone data breach
Which part of "you could call them back on a verified line" to make sure that it was them did you not get?
Also, if they ask for no verification then it is likely not a legitimate call, either. For all they know, they could be talking to anyone.
|
|
|
16-06-2018, 13:50
|
#10
|
Rise above the players
Join Date: Mar 2008
Location: Wokingham
Services: 2 V6 boxes with 360 software, Now, ITVX, Amazon, Netflix, Lionsgate+, Apple+, Disney+, Paramount +,
Posts: 14,589
|
Re: Dixons Carphone data breach
Quote:
Originally Posted by Chloé Palmas
Which part of "you could call them back on a verified line" to make sure that it was them did you not get?
Also, if they ask for no verification then it is likely not a legitimate call, either. For all they know, they could be talking to anyone.
|
There was no point. It was clearly a scam. The request for my date of birth and mother's maiden name was a dead giveaway. No reputable company would cold call you and ask for that information.
|
|
|
16-06-2018, 13:58
|
#11
|
Woke and proud !
Join Date: Jun 2004
Services: TV, Phone, BB, a wife
Posts: 9,134
|
Re: Dixons Carphone data breach
Quote:
Originally Posted by Chloé Palmas
Which part of "you could call them back on a verified line" to make sure that it was them did you not get?
Also, if they ask for no verification then it is likely not a legitimate call, either. For all they know, they could be talking to anyone.
|
And if they don't hang up, you could get through to exactly same scam people. Don't answer the phone is my advice, it's usually the Mother-in-law anyway.
Caller ID will made free to everyone this year which will help.
|
|
|
16-06-2018, 15:50
|
#12
|
Perfect Soldier
Join Date: Mar 2009
Location: Worthing West Sussex
Age: 66
Services: VM 500M SH3 thingy
in modem mode
XL TV V6 Sony Bravia smart TV and M phone
Posts: 10,995
|
Re: Dixons Carphone data breach
Quote:
Quote from Mr K:
And if they don't hang up, you could get through to exactly same scam people.
|
IIRC that's going to change shortly and the caller will only be able to hold the line for a second or two after the recipient hangs up. This is specifically to stop that scam.
__________________
History is much like an endless waltz: The three beats of war, peace and revolution continue on forever.
However history will change with my coronation - Mariemaia Khushrenada
|
|
|
16-06-2018, 19:06
|
#13
|
cf.geek
Join Date: Dec 2013
Posts: 956
|
Re: Dixons Carphone data breach
Quote:
Originally Posted by OLD BOY
There was no point. It was clearly a scam. The request for my date of birth and mother's maiden name was a dead giveaway. No reputable company would cold call you and ask for that information.
|
The best thing to do is Google the number. There will be plenty of people saying scam, scam, scam. If you carry on reading you'll then find it was some kind of company in partnership or something similar with the likes of EE or Carphone Warehouse trying to sell upgrades or insurance.
|
|
|
17-06-2018, 16:45
|
#14
|
Rise above the players
Join Date: Mar 2008
Location: Wokingham
Services: 2 V6 boxes with 360 software, Now, ITVX, Amazon, Netflix, Lionsgate+, Apple+, Disney+, Paramount +,
Posts: 14,589
|
Re: Dixons Carphone data breach
Quote:
Originally Posted by Mythica
The best thing to do is Google the number. There will be plenty of people saying scam, scam, scam. If you carry on reading you'll then find it was some kind of company in partnership or something similar with the likes of EE or Carphone Warehouse trying to sell upgrades or insurance.
|
Mythica, they would never ask for your mother's maiden name if it wasn't a scam, that was my point.
|
|
|
24-06-2018, 15:45
|
#15
|
Inactive
Join Date: May 2018
Location: Surrey
Services: Sky HD (2 TB / 1.5 TB MultiRoom)
Sky Fiber Max
Posts: 510
|
Re: Dixons Carphone data breach
If they ask "for security, can you please confirm..." and the question is "your mother's maiden name?" they absolutely do use that line of questioning for other companies. If it is the security question then you absolutely can and would be asked that, irrespective of company.
Now there are questions that I have set (involving lingerie for example) that only I would know that I only ever set - if they ask that they either have hacked into the central system of the company that I either set it with, or they are who they claim to be.
If they preface it with "the reason we need to talk to you" and I know that to be legitimate and they also say "but first we need to verify security" and I can tell that it is a legitimate number they are calling for it is entirely likely that it is a legitimate call and not a scam. But those variables will be down to you to figure out at the time. If you can think on your feet, you should be fine.
|
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT +1. The time now is 13:26.
|