Believed to have occurred during the two weeks prior, Carphone Warehouse (CW) announced that the names, addresses, dates of birth and bank details of up to 2.4 million customers may have been accessed in a cyber-attack discovered on Wednesday.

Up to 90,000 encrypted credit card details may have been breached.

Thierry Karsenti, Check Point's technical director, warns that the stolen data is likely to be used as bait for targeted phishing attacks against customers. Customers may be getting infected spam emails purportedly from Carphone Warehouse or one of its subsidiaries.

Karsenti said: “Armed with the data they already have, attackers are likely to try and trick those affected by the breach into revealing further details, such as account numbers and passwords.

“For the attackers, it's just a numbers game, but it could have serious consequences for customers. Phishing emails continue to be the most common source for social engineering attacks, so customers should be suspicious of any emails, or even phone calls, that relate to the breach, and should not give away more information.”

Carphone Warehouse sent an email to customers telling them to notify their bank and credit card company, so they can monitor account activity, as well as advising them to change the password for their online accounts.

Data security expert Jason du Preez, CEO of Privitar said: “This data breach is yet another high-profile reminder that it is impossible for companies to protect their customer's data with traditional perimeter security."

Carphone Warehouse says the hack was stopped "straight away" after it was discovered on Wednesday afternoon, and that the company has launched a forensic investigation with a ‘leading cyber security firm'.
Source: SCMagazine