Carphone Warehouse has taken three days to disclose about a sophisticated attack that may have impacted more than 2.4 million customers.

The British mobile phone retailer Carphone Warehouse has been hacked and nearly 2.4 million customers records could have been compromised.

On 5 August 2015 the experts of the company discovered that the IT infrastructure of three of its online UK businesses had been victim of a sophisticated cyber attack. Data accessed by the hackers may include some personal details and encrypted credit card details.

The hackers breached the websites onestopphoneshop.com, e2save.com and mobiles.co.uk, which also provide a number of services related to mobile phone contracts to iD mobile, TalkTalk mobile, Talk mobile and Carphone Warehouse.

The company added that up to 90,000 subscribers may have had their encrypted credit card details swiped during the cyber attack.

c1

The Carphone company has issued the following statement following the cyber attack:

What has happened?
On 5 August 2015 we discovered that the IT systems of three of our online UK businesses had been subject to a sophisticated cyber attack. At this stage, our investigation indicates that some of the data held on our systems has been accessed and this may include some personal details, including customer name, address, date-of-birth, bank and encrypted credit card details.

Who is affected?
The three websites affected are onestopphoneshop.com, e2save.com and mobiles.co.uk. These websites also provide a number of services related to mobile phone contracts to iD mobile, TalkTalk mobile, Talk mobile and Carphone Warehouse.

We don’t believe that any other Carphone Warhouse customer data or Currys PC World data has been accessed.

How will I know if I’ve been affected?
We’ve emailed all customers who we believe may have been affected with information and advice.

If you have not received a communication from us regarding your data security, your information should not be impacted and this message does not apply to you.

The disconcerting aspect of the new data breach is that even individuals that aren’t a direct customer of Carphone Warehouse may have been affected. The list of victims may include nearly 480,000 Talk Talk Mobile customers.

The attack may have compromised data belonging to many customers of Carphone Warehouse, Talk Talk, mobiles.co.uk, and the companies.

The website of mobiles.co.uk was down in the last days, officially due to “technical difficulties,” but the reality is quite different.

c2

Sebastian James, group chief executive of Dixons Carphone, also confirmed the attack in an official in a statement.

“We take the security of customer data extremely seriously, and we are very sorry that people have been affected by this attack on our systems,” said James.

Unfortunately, victims are exposed to identity theft and other type of scams, expert suggest victims to carefully monitor their bank accounts.

The Register confirmed that the firm wanted to be sure of the number of people impacted by the incident before notifying customers about the data breach, but according security expert this delay could expose customers to further attacks.

There is no information about the specific attack, users urge to change their passwords, especially if the same credentials are shared among different web services and websites.

Stay Tuned!

Pierluigi Paganini