Carphone Warehouse data breach could affect 2.4 million customers
The personal details of up to 2.4 million customers may have been accessed after a division of Carphone Warehouse was hit by a "sophisticated" cyber attack, the mobile phone retailer has said.
The encrypted credit card information of up to 90,000 people may have been accessed during the attack, the firm warned.
An investigation carried out by the company found that names, addresses, dates of birth and bank details of customers could have been accessed.
A Carphone Warehouse spokesman said the attack was stopped "straight away" after its own systems discovered it on Wednesday afternoon.
Asked when the data breach began, he replied: " The evidence indicates within the last two weeks before Wednesday afternoon.
Sebastian James, group chief executive of Dixons Carphone, said: " We take the security of customer data extremely seriously, and we are very sorry that people have been affected by this attack on our systems.
"We are, of course, informing anyone that may have been affected, and have put in place additional security measures."
The affected division of Carphone Warehouse operates the websites OneStopPhoneShop.com, e2save.com and Mobiles.co.uk and provides services to iD Mobile, TalkTalk Mobile, Talk Mobile and some Carphone Warehouse customers.
The firm said in a statement: " On August 5 we discovered that the IT systems of a division of Carphone Warehouse in the UK had been breached by a sophisticated cyber-attack."
It went on: " We took immediate action to secure these systems and launched an investigation with a leading cyber security firm to determine exactly what data was affected.
"We have also put in place additional security measures to prevent further attacks."
Carphone Warehouse said it was contacting all customers who may have been affected to inform them of the breach and to advise them on how to reduce the risk of further consequences.
The company added that the customer information of Currys and PC World - and the "vast majority" of Carphone Warehouse - is held on separate systems and was not accessed during the attack.
There have been a number of high profile cyber attacks and viruses, including the Heartbleed vulnerability, first detected in April last year, that left millions of websites open to attack and led to the hacking of sites including Yahoo and Mumsnet.
Other cases included an attack on Sony Pictures that reportedly originated in North Korea in retaliation to Hollywood film The Interview, which depicted the assassination of Kim Jong-un.
E-commerce giant eBay was also the victim of a cyber breach last year.
A TalkTalk spokesman said: " Our mobile sales site, mobile.talktalk.co.uk, hosted by a division of Carphone Warehouse, was subjected to a sophisticated cyber attack last week, along with a number of similar sites.
"We took the site down immediately and are carrying out thorough security checks before they restore it.
"However, we understand that the personal data of our mobile customers may have been accessed during the attack.
"We are working with Carphone Warehouse to establish exactly what has happened and how many customers have been affected, but as a precaution we are contacting all affected customers today to let them know what has happened and what steps they should take as a result.
"We take the security of all customer data extremely seriously and whilst we work with Carphone Warehouse to investigate this incident and establish the extent of the attack, customers are advised to look out for any suspicious online or account activity.
"As this type of cyber attack becomes more and more common, companies and consumers need to stay vigilant."
Tony Neate, chief executive of Government-backed web security initiative Get Safe Online, said: " This news is hugely concerning for Carphone Warehouse customers.
"With the stolen data potentially including names, addresses and dates of birth, hackers could also gain access to your other online accounts if you are using any of this information for your passwords.
"If this is you, now is the time to give your passwords an overhaul - think of something unpredictable and different for every account.
"Carphone Warehouse is said to be getting in touch with customers who need to notify their bank and credit card company, but don't be fooled by emails or phone calls pretending to be them.
"There will always be more cyber criminals looking to exploit the situation and trick you into sharing information a legitimate company would never ask for."
A spokesman for the Information Commissioner's Office said: "We have been made aware of an incident at Carphone Warehouse and are making inquiries."