European electronic and telecom retailer Dixons Carphone has discovered a massive cyber-attack that have compromised millions of payment cards and personal data records. It is considered to be the largest data breach since the GDPR came into effect.
The cyberattack began in July of 2017 and was discovered only last week, Dixons said. That’s just days after tough new European Union data-protection regulations went into effect.
A company spokesperson determined that “there had been unauthorized access to certain data in relation to an incident that started in July 2017. There is no evidence that it is continuing.”
About 5.8 million of the cards that were accessed had chip-and-PIN protection; as a result, the accessed information did not include PIN codes, card verification values (CVV) or any authentication data enabling cardholder identification, Dixons Carphone said.
Dixons has been targeted twice in the past few years. A cyberattack at the Carphone Warehouse unit resulted in a fine of 400,000 pounds by the Information Commissioner in 2015. In that incident, hackers exposed the personal details of more than 3 million customers and some employees.
In other cyberattacks, about 150 million users of Under Armour Inc.’s MyFitnessPal nutrition-tracking app had their accounts hacked, while Reckitt Benckiser Group Plc lost sales because of a hack that disrupted its supply chain in 2017. The WannaCry ransomware attack crippled parts of the U.K.’s National Health Service last year.
You can read the full article here.