computer security
Auto Added by WPeMatico
Auto Added by WPeMatico
A Dixons Carphone data breach that was disclosed earlier this summer was worse than initially reported. The company is now saying that personal data of 10 million customers could also have been accessed when its systems were hacked.
The European electronics and telecoms retailer believes its systems were accessed by unknown and unauthorized person/s in 2017, although it only disclosed the breach in June, after discovering it during a review of its security systems.
Last month it said 5.9M payment cards and 1.2M customer records had been accessed. But with its investigation into the breach “nearing completion”, it now says approximately 10M records containing personal data (but no financial information) may have been accessed last year — in addition to the 5.9M compromised payment cards it disclosed last month.
“While there is now evidence that some of this data may have left our systems, these records do not contain payment card or bank account details and there is no evidence that any fraud has resulted. We are continuing to keep the relevant authorities updated,” the company said in a statement.
In terms of what personal data the 10M records contained, a Dixons Carphone spokeswoman told us: “This continues to relate to personal data, and the types of data that may have been accessed are, for example, name, address or email address.”
The company says it’s taking the precaution of contacting all its customers — to apologize and advise them of “protective steps to minimize the risk of fraud”.
It adds it has no evidence that the unauthorized access is continuing, having taken steps to secure its systems when the breach was discovered last month, saying: “We continue to make improvements and investments at pace to our security environment through enhanced controls, monitoring and testing.”
Commenting in a statement, Dixons Carphone CEO, Alex Baldock, added: “Since our data security review uncovered last year’s breach, we’ve been working around the clock to put it right. That’s included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we’re updating on today.
“Again, we’re disappointed in having fallen short here, and very sorry for any distress we’ve caused our customers. I want to assure them that we remain fully committed to making their personal data safe with us.”
Back in 2015, Carphone Warehouse, a mobile division of Dixons Carphone, also suffered a hack which affected around 3M people. And in January the company was fined £400k by the ICO as a consequence of that earlier breach.
Since then new European Union regulations (GDPR) have come into force which greatly raise the maximum penalties which regulators can impose for serious data breaches.
Last month, following Dixon’s disclosure of the latest breach, the UK’s data watchdog, the ICO, told us it was liaising with the National Cyber Security Centre, the Financial Conduct Authority and other relevant agencies to ascertain the details and impact on customers.
Of the 5.9M payment cards which Dixons disclosed last month as having been compromised, it said the vast majority had been protected by chip and PIN technology. But around 105,000 lacked the security tech so Dixons said at the time could therefore have been compromised.
It’s the additional 1.2M records containing non-financial personal data — such as name, address or email address — that have been revised upwards now, to ~10M records, which constitutes almost half the Group’s customer base in the UK and Ireland.
The spokeswoman told us the Group has approximately 22M customers in the region.
https://www.ncsc.gov.uk/guidance/ncsc-advice-dixons-carphone-plc-customers
Powered by WPeMatico
Threat Stack, the Boston-based security startup that helps companies stay protected in the cloud, reeled in a $45 million investment today. It seems that they are in the right place in the right time as news of the Equifax breach swirls on mainstream media. The round includes a big institutional backer, as fellow Boston firm Fidelity Investments participated through their investment arm,… Read More
Powered by WPeMatico
Security company Armis has found a collection of eight exploits, collectively called BlueBorne, that can allow an attacker access to your phone without touching it. The attack can allow access to computers and phones, as well as IoT devices. “Armis believes many more vulnerabilities await discovery in the various platforms using Bluetooth. These vulnerabilities are fully operational, and… Read More
Powered by WPeMatico
At this point in the game there should be a single page on every corporate website, preferably accessible from its front page, that includes the name and all contact details for the Chief Security Officer, including the last four digits of her social security number. It should be her responsibility to ensure that no one uses this information for nefarious purposes in addition to her daily… Read More
Powered by WPeMatico
The private data of 143 million Equifax “customers” is now available for download. Have no doubt: This means you will be hacked. This means your SIM card can be spoofed. This means someone will try to get into your email and online accounts. This means someone will try to open a credit card in your name. This crass, callow, and lazy treatment of our digital data cannot stand.… Read More
Powered by WPeMatico
In an unsurprising move by credit card thieves, police have found a new credit card skimmer that sends stolen data via SMS. By tearing apart cheap phones, crooks are able to send credit card information to their location instantly without having to access the skimmer physically or rely on an open Bluetooth connection. Brian Krebs received images of the skimmer from an unnamed source. They… Read More
Powered by WPeMatico
This morning on the stage of TC Sessions: Justice, Matt Mitchell of CryptoHarlem discussed his views on the link between surveillance and minority oppression and the importance of taking a preventative approach to security and privacy. Mitchell, a specialist in digital safety and encryption, is dedicating time to creating Protect Your Org, a free, open source, tool for all organizations… Read More
Powered by WPeMatico
If I gave you my phone right you’d be able to figure out a lot of stuff about me. If I didn’t unlock it you’d see some of the news I read, the apps I use, and even some of the messages I’ve gotten from my friends. You’d be able to see that my friend Rick just wrote “If she gets desperate enough, let me know?” which, if taken out of context, is pretty… Read More
Powered by WPeMatico
Researchers at the Georgia Institute of Technology have created a form of ransomware that can hit us where it really counts: the water supply. Their program installed itself in a model water plant and allowed the researchers to change chlorine levels, shut down water valves, and send false readings to monitoring systems.
“We are expecting ransomware to go one step farther, beyond the… Read More
Powered by WPeMatico