Carphone Warehouse data breach 'affects millions'

id theft person©iStock.com/KyKyPy3HuK

THE personal data of 2.4 million Carphone Warehouse customers may have been stolen by hackers in a "sophisticated cyber attack", the retailer has said.

The breach occurred last Wednesday, but the company didn't go public with the news until Saturday.

Carphone Warehouse say that the stolen data could include customers' names, addresses, dates of birth and bank details. A further 90,000 may have had their encrypted credit card details accessed.

Impersonation fraud

It's likely that the stolen data will be sold to other criminals, say experts.

"There's a ready market in this sort of information," says technology analyst Tom Cheesewright. "You might pay £5-10 for one set of credit card details, maybe twice that for a full identity."

A full identity is particularly valuable as it enables cyber crooks to do anything from taking out loans to applying for credit cards.

On the rise

Identity fraud is becoming more frequent - levels increased by 27% in the first quarter of 2015 alone.

Only recently we reported that one in four of us has been a victim of ID fraud, losing an average of £1,200.

While it's possible to take out insurance against our identities being stolen, this doesn't actually cover money that criminals have done us out of by using our identity. Read our guide for information on exactly what ID theft insurance does cover.

Playing it safe

The cheapest way to stay safe online is by taking a few simple precautions. We've discussed elsewhere how keeping your operating system and anti-virus software up to date can go a long way to protecting your privacy.

It's also wise to stick with websites you're familiar with and avoid giving personal information away on public forums. Read our full guide on how to browse in relative safety.

Waning trust

If we're being careful how we use the internet, then it's reasonable to expect others to do the same - particularly companies to whom we've entrusted our personal details.

Unfortunately, it sometimes feels that criminals have the upper hand. This year alone, hackers have compromised the security of some pretty big brands - eBay, Amazon, RBS banking group and Sony, to name just a few.

Companies found to have provided inadequate protection for their customers are fined by the Information Commissioner's Office (ICO). This goes some way to encouraging organisations to look after our information.

For example, Sony were fined £250,000 by UK regulators after the personal data of PlayStation customers was stolen - though this was a decision the company fought to the bitter end.

The Carphone Warehouse hack could result in a fine of up to £500,000, pending an investigation by the ICO.

It will also cause a lot of red faces - particularly for those at TalkTalk; the Carphone Warehouse IT systems that were hacked also provided services to TalkTalk Mobile.

Embarrassing

It's less than a year since TalkTalk's last major security upset, so this new breach will be felt particularly keenly.

In late 2014, hackers accessed the names, account numbers, addresses and phone numbers of thousands of customers.

Scammers used this information to pretend to be TalkTalk employees, and con people into giving up credit card details or installing malicious software.

A "small number of customers" were still being contacted in April 2015.

At the time, a somewhat touchy spokesperson urged people to be vigilant, "as criminals are increasingly trying to defraud consumers in this way, going after companies in many different sectors, not just TalkTalk".

What to do

Anyone who worries they've been affected by a security breach should immediately notify their bank and credit card company. Financial organisations tend to be hot on fraud and will monitor account activity on their customers' behalf.

It's also wise to change passwords and keep an eye (and ear) out for anything unusual. Be suspicious of anyone calling and asking for personal information - and check credit scores afterwards to make sure that no one has tried to use your name to apply for credit.

Please read our full disclaimer for important information that relates to the service we provide and your use of this site.

We aim to provide free reviews and comparisons of consumer products and to keep our editorial content as objective as possible. To keep the site free, we are paid by some providers when new customers take products after they've clicked on our links. We don't allow our editorial content to be affected by those links, however we may not include all of the products available in the market. Finally, we do not submit or process any applications for any products or services and we cannot guarantee that any product or service listed on this website will be available to you. Credit providers make the final decision on whether an application for credit will be accepted.

If you would like to get in touch with us you can contact us here.