The Dixons Carphone data breach involves 5.9 million customer bank card details and 1.2 million personal data records.
Here are some key questions for consumers.
How can I find out if I’m affected?
Dixons says the vast majority of the cards involved – 5.8 million – have chip and pin protection and attackers have not gained access to pin codes, CCV (card verification value) security numbers or any authentication data which could enable them to identify the cardholder or make purchases.
However around 105,000 non-EU issued payment cards which do not have chip and pin protection have been compromised. Dixons says it immediately notified the card companies and banks, which are taking “the appropriate measures to protect customers”.
Separately, 1.2 million records containing non-financial personal data, such as name, address or email address, have been accessed but Dixons says it has no evidence at this stage that this information has left its systems or resulted in any fraud.
Dixons Carphone is writing over the coming days to those customers whose personal data was breached, “to inform them, to apologise, and to give them advice on any protective steps they should take”.
What is the advice from Dixons?
If you receive an unsolicited email, letter, text or phone call asking for personal information, never reveal any full passwords, login details or account numbers until you are certain of the identity of the person making the request.
If you think you have been a victim of fraud you should report it to Action Fraud, the UK’s national fraud and internet crime reporting centre, on 0300 123 2040 or on the Action Fraud website.
Is there anything else I can do to protect myself?
Anyone concerned they could be at risk of fraud should consider changing their online passwords, monitor bank and other online accounts and be wary of emails regarding the breach as scammers may try to take advantage of it.
How can I prevent myself from falling victim to a scammer?
If you receive a call from anyone you are not sure about, do not give out any personal details or passwords and take steps to check their identity.
Ask them to give you details only the company they claim to be calling from would know – for example, details of your service contract or how much you pay per month.
If you still have concerns about the caller’s identity, hang up and call the company back.
Bear in mind scammers may have access to more of your personal information than seems normal. So if you are at all suspicious hang up, look up the organisation’s number and call it yourself.