We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Dixons Carphone data breach affected far more than first thought - MSE News
Former_MSE_Callum
Posts: 696 Forumite
Dixons Carphone has said its data breach last year saw around 10 million records containing personal data accessed - far more than it first reported...
Read the full story:
'Dixons Carphone data breach affected far more than first thought'
Click reply below to discuss. If you haven’t already, join the forum to reply.
'Dixons Carphone data breach affected far more than first thought'
Click reply below to discuss. If you haven’t already, join the forum to reply.
Read the latest MSE News
Flag up a news story: news@moneysavingexpert.com
Get the Free MoneySavingExpert Money Tips E-mail
Flag up a news story: news@moneysavingexpert.com
Get the Free MoneySavingExpert Money Tips E-mail
0
Comments
-
Same old, same old.......
Every time it's the same old story.
1 Keep it quiet for as long as you can get away with it.
2 If you have to come clean, tell everyone it's a minor breach with no real security issues.
3 Tell everyone the number of people affected is small - say, a million.
4 Later, when the original fuss has died down say it was 5 million.
5 Later still, get a bit nearer the truth with 10 million.0 -
The most shocking part of this, is that they had 10 million customers.0
-
Once again, selective sensationalising - given the financial nature of this site it would surely have been more pertinent to focus on the bit in bold (which is a development since the initial story) rather than the increased number of records?Our investigation, which is now nearing completion, has identified that approximately 10 million records containing personal data may have been accessed in 2017. While there is now evidence that some of this data may have left our systems, these records do not contain payment card or bank account details and there is no evidence that any fraud has resulted. We are continuing to keep the relevant authorities updated.0
-
Once again, selective sensationalising - given the financial nature of this site it would surely have been more pertinent to focus on the bit in bold (which is a development since the initial story) rather than the increased number of records?
Maybe but with email, home address, name, phone number, they can still phish you for your other details.
I'ts not all about getting your credit details and bank accounts up front.
There is more than one level of fraud.The more I live, the more I learn.
The more I learn, the more I grow.
The more I grow, the more I see.
The more I see, the more I know.
The more I know, the more I see,
How little I know.!!
0 -
Yes, that's all undoubtedly true, but since when do losses of non-financial data from non-financial companies warrant editorial attention on this site?Maybe but with email, home address, name, phone number, they can still phish you for your other details.
I'ts not all about getting your credit details and bank accounts up front.
There is more than one level of fraud.0 -
After the last breach of data (only 5 million people) I contacted Dixons Carphone and asked them to delete my personal details (as they must do on request under the new GDPR regulations). They refused to do so unless I sent in further proof of my identify such as a copy of my passport and utility bills for my address.
Given that they can't look after my simple personal data I'm not inclined to give them more important information.
They said that, as I haven't proved my identity, they couldn't delete my personal data. So much for following the spirit of the GDPR rules!0 -
To be fair, organisations have the right to seek proportional evidence of ID when receiving such requests, as per https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/:After the last breach of data (only 5 million people) I contacted Dixons Carphone and asked them to delete my personal details (as they must do on request under the new GDPR regulations). They refused to do so unless I sent in further proof of my identify such as a copy of my passport and utility bills for my address.
Given that they can't look after my simple personal data I'm not inclined to give them more important information.
They said that, as I haven't proved my identity, they couldn't delete my personal data. So much for following the spirit of the GDPR rules!Can we ask an individual for ID?
If you have doubts about the identity of the person making the request you can ask for more information. However, it is important that you only request information that is necessary to confirm who they are. The key to this is proportionality. You should take into account what data you hold, the nature of the data, and what you are using it for.
You must let the individual know without undue delay and within one month that you need more information from them to confirm their identity. You do not need to comply with the request until you have received the additional information.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.6K Banking & Borrowing
- 253.3K Reduce Debt & Boost Income
- 453.9K Spending & Discounts
- 244.6K Work, Benefits & Business
- 600K Mortgages, Homes & Bills
- 177.2K Life & Family
- 258.2K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards