Bhavesh Kumar

Senior Correspondent, IFSEC Global

August 13, 2015


Hackers Extract Bank Details of 2.4m Carphone Warehouse Customers from Website


GeographBot under CC BY-SA 2.0

The UK’s data protection watchdog has stepped in to investigate the causes behind the Carphone Warehouse hack that compromised the personal details of up to 2.4 million users.

Details of another 90,000 customer credit cards have also been declared at risk of breach by the mobile phone retailer.

The Information Commissioner’s Office is investigating the incident.

“We and our partners are contacting all those customers who may have been affected to inform them of the breach and to give them advice to reduce any risk and minimise inconvenience,” said Carphone Warehouse in a statement.

Customers of, and could also be affected. The company took down the affected websites and emailed a warning to customers when it became aware of the hack on Saturday.

Of the affected records, about 480,000 are TalkTalk Mobile customers, with the rest being Carphone Warehouse’s direct customers.

The company says additional measures have been taken to prevent a recurrence.

“The reality is that data breaches are no longer a question of if, but when,” said Mike Spykerman, VP at OPSWAT, a data services and security solutions provider.

“At least some of the information at Carphone Warehouse was encrypted, but still a lot of personal data was not. Data breaches often start with a spear phishing attack that evades detection from regular spam filters and single anti-virus engines.

“By using multiple anti-virus engines, the possibility that a spear phishing attack is detected is considerably higher. To avoid cyber attacks being successful, companies should prepare their defences by deploying several cyber security layers including device monitoring and management, scanning with multiple anti-malware engines, and advanced threat protection.”

Said Mark Bower, global director at HP Security Voltage: “Today’s new breed of encryption and tokenisation techniques can render data itself useless to attackers, yet functional to business needs. This technology, such as Format-Preserving Encryption, is proven in leading banks, retailers and payment processors who are constantly bombarded and probed by attackers.

“By securing customer and card data from capture over the data’s journey through stores, branches, databases and analytic systems, businesses can avoid unnecessary decryption required by older generation disk or database encryption techniques.

“Data can stay protected in use, at rest, and in motion, and stays secure even if stolen. Modern vetted and peer reviewed data encryption is infeasible to break on any realistic basis. It’s a win-win for business, as it can be retrofitted to existing systems without complications and business change. Attackers who steal useless data they can’t monetize quickly move on to other targets.”
