NCSC urges action after Dixons Carphone breach

The National Cyber Security Centre (NCSC) is urging UK business to improve data protection capabilities after Dixons Carphone revealed that millions of payment card and personal data records may have been compromised in a cyber breach. The National Crime Agency (NCA) is leading the UK law enforcement response to the cyber intrusion at retailer and services company Dixons Carphone and an attempt to compromise 5.9 million payment cards. The company revealed that 1.2m records containing non-financial personal data – such as name, address or email address – had also been compromised in a breach of one of the processing systems of Currys PC World and Dixons Travel stores. However, in an attempt to downplay the severity of what could be one of the most significant data breaches in the UK, the company said only 105,000 non-EU issued payment cards affected did not have chip and pin protection. Dixons Carphone also said there was no evidence that the information had been used to commit fraud. “We are contacting those whose non-financial personal data was accessed to inform them, apologise and to give them advice on any protective steps they should take,” the company said. Admitting that the company had “fallen short” in protecting the data, Dixons Carphone chief executive Alex Baldock said the company is “determined to put this right”, adding that cyber crime is “a continual battle” for business today. “We are determined to tackle this fast-changing challenge,” he said. The company’s latest data protection woes come just five months after the Information Commissioner’s Office (ICO) fined its Carphone Warehouse subsidiary £400,000 for “rudimentary” security failures that allowed hackers to access the personal data of more than three million customers in 2015.