The personal details of up to 2.4 million Carphone Warehouse customers may have been compromised as the British mobile phone retailer revealed it was the victim of a cyber attack.
The company, which made news public on Saturday 8 August, said that the attack was first discovered three days earlier.
Shares in Carphone Warehouse fell two percent this morning as the UK’s Information Commissioner’s Office (ICO) begins “making enquiries” into how the data breach happened and what can be done about it.
Carphone Warehouse has admitted the encrypted credit card details of up to 90,000 customers may have been breached. The attackers could also have data that includes names, addresses, bank details and dates of birth.
The firm called the incident a “sophisticated cyber attack” that was stopped immediately after being discovered. However it only started notifying affected customers by email on Saturday morning.
It said in a statement: “We and our partners are contacting all those customers who may have been affected to inform them of the breach and to give them advice to reduce any risk and minimise inconvenience.”
However, potentially-affected customers are angry at the retailer for not notifying the public earlier.
The chief executive of Dixons Carphone, Sebastian James, said: “We take the security of customer data extremely seriously, and we are very sorry that people have been affected by this attack on our systems.
“We are, of course, informing anyone that may have been affected, and have put in place additional security measures.”
Customers of websites OneStopPhoneShop.com, e2save.com and Mobiles.co.uk could also be affected, as these are part of the Carphone Warehouse group.
“Armed with the data they already have, attackers are likely to try and trick those affected by the breach into revealing further details, such as account numbers and passwords,” said Thierry Karsenti.
“For the attackers, it’s just a numbers game, but it could have serious consequences for customers. Phishing emails continue to be the most common source for social engineering attacks, so customers should be suspicious of any emails, or even phone calls, that relate to the breach, and should not give away more information.”
Affected customers include 1.9 million who are direct customers of Carphone Warehouse, and almost 480,000 who are customers of TalkTalk Mobile, as the division processes its customer data via Carphone Warehouse.
The attackers are yet to be identified, said the firm.