Dixons Carphone reveals data breach affecting 5.9M bank cards

The UK electronics retailer, which operates as Currys PC World and Dixons Travel, was hacked in July 2017.

Katie Collins Senior European Correspondent
Katie a UK-based news reporter and features writer. Officially, she is CNET's European correspondent, covering tech policy and Big Tech in the EU and UK. Unofficially, she serves as CNET's Taylor Swift correspondent. You can also find her writing about tech for good, ethics and human rights, the climate crisis, robots, travel and digital culture. She was once described a "living synth" by London's Evening Standard for having a microchip injected into her hand.
Katie Collins
2 min read

Currys and PC World customers were affected by the breach.

Ben Stansall/AFP/Getty Images

British electronics retailer Dixons Carphone admitted a huge data breach on Wednesday involving 5.9 million payment cards and 1.2 million personal data records.

The company discovered its systems were first breached in July 2017 and has been investigating the issue, it said in a press release

During the course of its investigation, Dixons Carphone discovered an attempt to compromise 5.9 million cards in one of the processing systems of Currys PC World and Dixons Travel stores, but 5.8 million of the cards are protected by chip and PIN, the company said.

The investigation also revealed that 1.2 million records containing non-financial personal data, such as name, address or email address, had been accessed by hackers. Dixons Carphone is contacting affected customers to inform them and apologise individually.

The retailer has discovered no evidence of fraud, but has passed details of the other 105,000 non-EU issued cards affected to the relevant card companies. The Information Commissioner, the Financial Conduct Authority and the police have also been informed.

Dixons Carphone CEO Alex Baldock issued an apology for the upset caused in a statement, saying:

"The protection of our data has to be at the heart of our business, and we've fallen short here. We've taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously. We are determined to put this right and are taking steps to do so; we promptly launched an investigation, engaged leading cyber security experts, added extra security measures to our systems and will be communicating directly with those affected."

The best PCs for privacy-minded people

See all photos