The Carphone Warehouse, a phone retailer, has reported that on 5 August 2015 it discovered that one of its divisions had been the subject to a cyber attack.
It's investigation indicated that the personal data of up to 2.4 million customers may have been accessed including encrypted credit card data. The division affected operates the websites OneStopPhoneShop.com, e2save.com and Mobiles.co.uk and provides a number of services to iDMobile, TalkTalk Mobile, Talk Mobile, and to certain customers of the Carphone Warehouse.
Personal data is defined under the Data Protection Act 1998 as data which relates to a living individual who can be identified (a) from those data or (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller.
In this case, the Carphone Warehouse was the data controller and it would be possible to identify individuals from their credit card information.
The Information Commissioner's Office has been informed and is making it's own enquiries.
The Centre for Economics and Business Research believe that defending Britain against cyber-attacks and repairing the damage done by hackers who penetrate security systems costs businesses around £34bn a year.
To read the press release from the Carphone Warehouse, please click here.
To read the update from the ICO, please click here.