A major UK retailer has admitted a data breach involving 5.9 million payment cards and 1.2 million personal data records.
Dixons Carphone ( said Wednesday that it had discovered an attempt to compromise card processing systems at its Currys PC World and Dixons Travel stores. )
The company confirmed that card firms have been notified. It said that while its investigation is ongoing, no evidence of fraudulent data use has been found.
“We are extremely disappointed for any upset this may cause. The protection of our data has to be at the heart of our business, and we’ve fallen short here,” CEO Alex Baldock said in a statement.
The retailer added that 5.8 million of the compromised cards are protected by chip and pin number combinations. But around 105,000 of them were issued outside the European Union and do not have the same protections.
Separately, the company said that 1.2 million records containing personal details such as names, addresses or email addresses had been accessed.
“We have taken action to close off this access and have no evidence it is continuing,” the company said.
Shares in Dixons Carphone dropped 4% in London.
Dixons Carphone is one of Europe’s leading mobile phone and electrical goods retailers, operating stores including Currys PC World and Carphone Warehouse.
The UK Information Commissioner’s Office said it was aware of the data breach.
“An incident involving Dixons Carphone has been reported to us and we are liaising with the National Cyber Security Centre, the Financial Conduct Authority and other relevant agencies to ascertain the details and impact on customers,” the agency said in a statement.
CNNMoney (London) First published June 13, 2018: 6:14 AM ET