LONDON (Reuters) - The personal data of up to 2.4 million customers of Dixons Carphone may have been exposed in a cyber attack, the electrical goods and mobile phone retailer said on Saturday.
The group, which trades as Carphone Warehouse, Currys and PC World in the UK and Ireland, said the attack had been carried out on a division that operates the websites OneStopPhoneShop.com, e2save.com and Mobiles.co.uk . It discovered the breach in one of its IT systems last week.
The division also provides services to iD Mobile, TalkTalk Mobile, Talk Mobile, and to some Carphone Warehouse customers. More than 400,000 TalkTalk customers were reportedly affected.
The company said in a statement that it had learned of the data breach on Aug. 5 and had taken immediate action to secure the systems.
Its investigation found that the names, addresses and bank details of up to 2.4 million customers may have been exposed, along with the encrypted credit card data of up to 90,000 customers.
“We take the security of customer data extremely seriously, and we are very sorry that people have been affected by this attack on our systems,” Group Chief Executive Sebastian James said.
“We are, of course, informing anyone that may have been affected, and have put in place additional security measures.”
Dixons Carphone provided few technical details that would allow analysts to measure the extent of the damage, but the breach appeared to be one of the largest exposures of consumer data in Britain and Ireland.
The hacking of RBS WorldPay in 2009 resulted in the theft of 1.5 million credit cards, which led to the theft of $9 million from more than 2,000 ATMs worldwide.
Computer expert Graham Cluley said it was unclear whether passwords had been exposed but advised customers to change them as a precaution.
Reporting by Li-mei Hoang and Eric Auchard; Editing by Kevin Liffey