Carphone Warehouse hack: who’s been affected?
2.4 million customers hit by attack on Carphone's websites - are you one of them?
Carphone Warehouse has apologised after admitting that 2.4 million customer records have been stolen from three of the company’s websites. The stolen data includes bank and encrypted credit-card details, according to the company.
The attack wasn’t targeted at the main Carphone Warehouse website, but three of the company’s subsidiary sites: onestopphoneshop.com (now seemingly defunct), e2save.com and mobiles.co.uk. However, even Carphone group customers who haven’t made purchases directly from any of those three sites may still be affected, with the company reporting that “these websites also provide a number of services related to mobile phone contracts to iD mobile, TalkTalk mobile, Talk mobile and Carphone Warehouse”.
The stolen data includes customers’ name, address, date of birth, bank and encrypted credit card details. Carphone hasn’t revealed details of how the credit card details were encrypted, making it hard to tell if that data is vulnerable.
So, how do you know if your details have been stolen? Carphone says it has emailed “all customers we believe may have been affected with information and advice”, although customers should take particular care with emails that appear to be arriving from the company. The thieves may well use the stolen database to launch phishing attacks on customers, urging them to click on malicious links to reset their password, for instance.
Aside from contacting the affected customers, it seems the company is attempting to brush the attack under the carpet. The main Carphone Warehouse website makes no obvious mention of the attack (the company’s latest press statement comes from December 2014) and neither do either of the two attacked websites that are still up and running.
Security experts are warning the company’s customers to be wary. “My advice is to keep a close eye on your bank statements, looking out for unusual purchases,” says indpendent security analyst, Graham Cluley, writing on his blog.
The group chief of Dixons Carphone, Sebastian James, says the company takes “the security of customer data extremely seriously, and we are very sorry that people have been affected by this attack on our systems”.