Dixons Carphone admits data breach

Dixons Carphone has admitted a huge data breach involving 5.9 million payment cards and 1.2 million personal data records. This latest significant retail data breach shows that no matter how sophisticated a company’s IT system is, a system can be breached.

At the time of writing, it is reported that data on 1.2 million UK customers has been accessed.

The attack involved the processing systems of Currys, PC World and Dixons Travel stores, the electronics retailer said on Wednesday 13 June in a statement. Dixons Carphone Plc said a cyber attack affected almost 6 million payment cards as hackers sought unauthorised access to customers’ personal data. Following the issue of this statement Dixons shares fell as much as 4.9 per cent in London.

This breach and the immediate response from the stock market shows that reputational risk is a real concern following a data breach and the market reaction anticipates a reduction in consumer confidence.

Chief Executive Officer, Alex Baldock, said, “Cyber crime is a continual battle for business today and we are determined to tackle this fast-changing challenge”.

It is concerning that the latest breach follows a previous cyberattack at the retailer’s Carphone Warehouse unit that resulted in a fine in January 2018 of £400,000 by the Information Commissioner’s Office. In the incident, which took place in 2015, hackers exposed the personal details of more than 3 million customers and some employees. However, the ICO in issuing the fine acknowledged the steps taken in mitigating the impact of this data breach on customers. Following this breach the company would have taken remedial steps to prevent a reoccurrence and inevitably that would have included some upgrades to IT Security.

So is this an IT Issue?

Worldwide Spending on Security Solutions is forecast to reach $91 Billion in 2018, according to a new International Data Corporation (IDC) Spending Guide. Yet despite this spend the rate and severity of attacks and accidental data breaches shows no sign of abating. Hackers are becoming increasingly more sophisticated, and employing the services of behavioural scientists to design attacks to encourage human activation.

Cyber Security expert, Oz Alashe MBE, said “The solution is not just improving IT infrastructure. Businesses need to consider not just technology, but also people and processes”.

Oz Alashe, CEO of CybSafe, believes businesses must educate employees through intuitive learning to improve awareness and behaviours online.

Cyber Insurance is an ever increasingly important protection for businesses, and whilst it is true that a cyber policy cannot prevent a business from suffering a hack or data breach, it can help with the fall out and recovery. Much like a sprinkler system will not prevent a fire from starting but it will contain the blaze and prevent it from burning the business down, a Cyber Insurance policy can contain a breach and prevent the ensuing reputational damage from destroying the business’s reputation.

Insurers will include within a Cyber Insurance policy a leveraged and paid for breach response service that will include access to experts including forensic IT consultants, IT Security Specialist Contractors, Legal support and PR & Comms consultants. These are deployed to minimise the effect a breach has on customers and support the business’s reputation during and following a breach.

With premiums from as little as £500, cyber insurance is increasingly a protection that businesses cannot afford to be without.

Find out more

For more information, please speak to your Stackhouse Poland representative, call us on 020 7089 2900 or fill in our contact us form.