Carphone Warehouse Hack May Affect 2.4 Million Customers

Dixons Carphone Plc is still notifying customers after as many as 2.4 million were exposed to hackers who broke into the electronics retailer’s systems this month.

The attackers may also have accessed encrypted payment-card details of 90,000 customers. The company doesn’t have an update on who was behind the attack, a spokeswoman said Monday.

The hack was a distributed denial of service attack, or DDoS, where multiple infected computers attack a network to disrupt services, according to TalkTalk Telecom Group Plc, whose mobile customers were affected. This latest attack shows the need for retailers to have multiple layers of security, and the importance of encrypting more than just credit-card details, Mark Bower, director of HP Security Voltage, Hewlett-Packard Co.’s data protection arm, said in an e-mail.

“Attackers will steal any sensitive data, like account data, contact information and so on, as they can repurpose it for theft,” Bower said. “Attackers who steal useless data they can’t monetize quickly move on to other targets.”

The Information Commissioner’s Office, the U.K. data protection watchdog, also said it’s looking into the breach.

Security practices at retailers and financial institutions are coming under greater scrutiny after a wave of high-profile breaches including customer data theft at Target Corp. and JPMorgan Chase & Co. Target agreed to pay banks $19 million for costs incurred in the 2013 breach after millions of customers’ payment-card and personal information was exposed. JPMorgan said last year that data breaches affected 76 million households and 7 million small businesses.

The Dixons attack, discovered on Aug. 5, affected the division that runs the, and websites, as well as provides services to TalkTalk Mobile and TalkMobile. Most customers at Carphone Warehouse, Currys and PCWorld units had data stored on a separate system and were unaffected, the company said.

Shares fell 0.8 percent to 452.30 pence in London trading at 11:46 a.m. The stock has declined 2.2 percent this year.