If you’re a Carphone Warehouse customer, consider yourself a potential unfortunate.
The latest confirmation from the company is that its server was cyber-attacked recently, putting 2.4 million customer accounts at risk, with sites such as e2save.com, Mobile.co.uk, and OneStopPhoneShop.com and carriers such as iD Mobile and Talk Talk Mobile having been affected. If you’re a frequent customer and buyer at these sites, consider yourself at potential risk. Carphone also says that 90,000 credit card numbers were also accessed, so identity theft may soon follow on the black market. Credit card numbers are quickly filtered into the black market as soon as a cyber attack occurs.
480,000 Talk Talk Mobile also confirmed on Twitter that its server had been infiltrated, noting that a “very small number” of accounts had been breached and that those accounts are now blocked until affected individuals or clients reset their passwords. This is Talk Talk Mobile’s second data breach within the last 8 months; the first was back in February, where the company announced that account names and numbers had been stolen by scammers.
“We take the security of customer data extremely seriously, and we are very sorry that people have been affected by this attack on our systems,” said Dixons Carphone CEO Sebastian James. Dixons Carphone is the new name for both Dixons Retail and Carphone Warehouse, two separate entities that merged last year.
Carphone is the latest in a large string of cyber attacks that have taken place in the last twelve months, but the company may come under another attack from customers: Carphone became aware of the cyber attack on August 5th, but waited until three days later to notify customers. “In that time, 72 hours, they will say we need to find the depth of the breach, but let’s say some people do have their cards compromised. They will be livid that they weren’t told straight away, so they could cancel those cards,” said BBC reporter Joe Lynam.
While Carphone is alerting all customers it believes were affected by the breach, every customer should take precaution and check in on his or her account information just to be safe. The best solution at this point is to change your username, passwords, and to receive a new credit card number from your bank if possible. Contact your bank if you see any deductions or withdrawals on your online account that look suspicious or that you don’t remember. Lastly, it might be best to carry currency with you, tangible money to spend so that you can keep an eye on your account for a while. While cash and ATMs can prove inconvenient when compared to a plastic card, they could help you avoid any other potential data breaches.