Aug 082015
 

Kelly Fiveash reports:

Carphone Warehouse has taken three days to go public about a serious data breach affecting nearly 2.5 million customers – with the confession that up to 90,000 subscribers may have had their credit card info ransacked.

The company said in a statement on Saturday afternoon that it had first discovered its systems had been violated by a “sophisticated cyber-attack” on 5 August.

Encrypted credit card data of up to 90,000 customers may have been lifted by malefactors, it added.

Carphone Warehouse said its websites OneStopPhoneShop.com, e2save.com and Mobiles.co.uk had been affected by the attack. Those sites provide services for customers at iD Mobile, TalkTalk Mobile, Talk Mobile and an undisclosed number of Carphone Warehouse customers.

Read more on The Register.

Update 1: A copy of TalkTalk’s email notification was posted on Pinterest, here.

Update 2: TalkTalk has posted a notice and FAQ here.  From the FAQ:

Carphone Warehouse is still investigating the exact circumstances of the attack, and at the moment we cannot say for certain that this data has been accessed. The customer data held by Carphone Warehouse was:

Personal details

Title

First Name

Last Name

Marital Status

Date of Birth

Address details

Address

Residential status

Years/months at address

Previous address

Previous residential status

Years/months at previous address

Delivery address

Contact details

Home phone

Daytime phone

Email

Bank details

Bank account number and sort code

Years/months at bank

Occupational details

Occupational status

Years/months in current job

Account details

Created date

TalkTalk account ID

TalkTalk customer ID

TalkTalk landline number

Accept threshold

The credit card numbers of customers who have taken out a mobile product in the last two weeks was also present, but this data was encrypted. In some cases, TalkTalk My Account usernames and passwords were also held.

Sorry, the comment form is closed at this time.