British mobile phone and electricals retailer Dixons Carphone said on Wednesday it had become the latest victim of cyber crime after discovering unauthorized access to its payment card data.
“We have taken action to close off this access and have no evidence it is continuing. We have no evidence to date of any fraudulent use of the data as result of these incidents,” the company said.
It said its ongoing investigation indicated there was an attempt to compromise 5.9 million cards in one of the processing systems of Currys PC World and Dixons Travel stores.
It said 5.8 million of these cards had chip and pin protection and the data accessed contained neither pin codes, card verification values (CVV) nor any authentication data that would enable cardholder identification or a purchase to be made.
However, it said 105,000 non-EU issued payment cards which do not have chip and pin protection had been compromised.
Dixons Carphone said it had immediately notified the relevant card companies so that they could protect customers.
It said it had found no evidence of any fraud on these cards as a result of this incident.
Dixons Carphone’s shares were down 5 percent at 0718 GMT.
The group said it had also found that 1.2 million records containing non-financial personal data, such as names, addresses or email addresses, had been accessed. It said there was no evidence of fraud here either.
“We are extremely disappointed and sorry for any upset this may cause,” said Chief Executive Alex Baldock.
“The protection of our data has to be at the heart of our business, and we’ve fallen short here,” he said.
Baldock joined the group in April.
The group said it had informed the Information Commissioner’s Office (ICO), the Financial Conduct Authority (FCA) and the police about the incident.
Last month Dixons Carphone warned on profits and said it would have to close shops, wiping more than 500 million pounds off its market value.
Britain's Dixons Carphone discovers data breach affecting 5.9 million payment cards