Carphone Warehouse breach

Next story


Carphone Warehouse suffered a “sophisticated cyber attack” recently which has affected an estimated 2.4 million customers. Information such as names, addresses, DoB and bank details are at risk.

On Wednesday 5th August Carphone Warehouse suffered a cyber-attack which resulted in the theft of customer’s personal information.

They neglected to inform their customers until the 8th. Past and present Carphone customers are advised to keep an eye out for spear phishing emails and potential fraud.

What happened?

Mark James, ESET IT security specialist, goes deeper into what happened and what the risks are for customers.

“[Carphone Warehouse] state that names, addresses, dates of birth and bank details of up to 2.4 million customers could have been accessed in the breach along with the possibility of 90,000 customers may also have had their encrypted credit card details accessed.

“As usual in these situations they are very sorry about the attack and want to enforce the fact they "Take the security of customer data extremely seriously, and are very sorry that people have been affected by this attack on our systems." But sadly that won’t help anyone that is directly affected.

“Data from this breach may well be used in an attempt to directly log into other financially related systems as some people still fail to have unique passwords for different online accounts.

“This data may also be used in targeted phishing attacks to get more useful data that could also be used for identify theft or other malicious purposes.

“We all know how to handle that random caller or email that tries to scam us with a half-hearted attempt at gaining our trust but if they are armed with some kind of information that is true along with some knowledge of our explicit data (names, addresses) that trust could be the stepping stone to a successful scam being completed.”

What should customers do?

“Be vigilant against people calling or emailing with sporadic bits of information in an attempt to gain more data about you, change your passwords NOW.”

If you have trouble remembering or even creating long, unique and complex passwords then consider using a password manager such as LastPass.

“Also remember that you can use different bits of information when filling out forms or applying for web page access, you don’t need to tell the truth about your favourite colour or your first dogs name.

“Speak to your bank or financial organisation so they are aware and if still concerned sign up for a reputable credit checking organisation to keep an eye on your credit activity, lastly keep an eye on your bank statements especially small sporadic payments that are classed as “under the radar” that sometimes can be used to test your bank details.”

Join the ESET UK LinkedIn Group and stay up to date with the blog. If you’re interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.

Are you a Carphone Warehouse customer? How have you been affected?