Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security Crime United Kingdom

2.4 Million Customer's Records Stolen From Carphone Warehouse 51

AmiMoJo writes: The UK's data watchdog is "making inquiries" after Carphone Warehouse said the personal details of up to 2.4 million of its customers may have been accessed in a cyber-attack. Details taken include names, addresses and bank account details. Additionally, 90,000 people's "encrypted" credit card details were accessed, but there is no word on what type of encryption was used. Customers are advised to contact their banks (who I'm sure will be ready to handle 2.4 million phone calls), keep an eye on credit records and contact Action Fraud, the UK police's outsourced and rather useless fraud reporting centre that last month went bankrupt.
This discussion has been archived. No new comments can be posted.

2.4 Million Customer's Records Stolen From Carphone Warehouse

Comments Filter:
  • by sycodon ( 149926 ) on Sunday August 09, 2015 @11:11PM (#50282563)

    ...it's not something Paul Potts [youtube.com] has to worry about.

  • by John Bokma ( 834313 ) on Sunday August 09, 2015 @11:16PM (#50282579) Homepage
    "Additionally, 90,000 people's "encrypted" credit card details were accessed, but there is no word on what type of encryption was used" Wouldn't surprise me if it was ROT-13, applied twice for twice the security :-(.
    • by AmiMoJo ( 196126 )

      I like the way their attitude is "sorry, now sort it out yourself LOL". They should contact affected people's banks and either set up their own fraud reporting service or donate some serious cash to Action Fraud. Hopefully the ICO will give them a punishing fine for this.

      • Re: (Score:3, Interesting)

        Comment removed based on user account deletion
        • There are serious restrictions on what can and what can not be done due to privacy laws in Europe.

          For example, is it illegal to store a credit card number, even if encrypted? It ought to be.
          In the United States, if you take all the precautions required under PCI, you can store the credit card, but it is far safer to only send the credit card number to the processor once and receive a token back which is a hash associated with the card AND with your merchant account so even if stolen and somehow used, it cannot be used for the benefit of the thief.

    • Is that the code where 1 becomes K, 2 becomes L and so on?

  • by Anonymous Coward
    My face when an American called a touchy-wuchy mobile-carphone an "iPhone" near me.
  • It's what you get when you hire the likes of Darren Lamb.
  • Doesn't matter if they were encrypted if they decryption key(s) were also stolen...

  • It seems every day there's some breach where millions of people are affected. It seems like same ol' same ol'... like traffic accidents typically not reported.
    • by guruevi ( 827432 )

      Because people treat these companies as victims to the crimes, not accessories to the crime or criminally negligent. If anyone in politics/policing would actually know anything about cybercrime, they would charge them as either accessories or negligent.

I THINK THEY SHOULD CONTINUE the policy of not giving a Nobel Prize for paneling. -- Jack Handley, The New Mexican, 1988.

Working...