The National Cyber Security Centre (NCSC), part of GCHQ, said today it is working with Dixons Carphone on mitigation measures, after the retailer said it was investigating a data breach involving 5.9m payment cards and 1.2m personal data records.
The company announced earlier on that there was an attempt to compromise 5.9m cards in one of the processing systems of Currys PC World and Dixons Travel stores.
The majority of these cards had chip and protection, but around 105,000 non-EU issued payment cards were compromised.
Read more: Dixons Carphone finds data breach with millions of records accessed
Separately, the investigation has found that 1.2m records containing non-financial personal data – such as name, address and email – had been accessed.
Dixons Carphone had already said it had informed the relevant authorities, including the Information Commissioner’s Office, the Financial Conduct Authority, and the police.
This afternoon, intelligence agency NSCS said it was working with the National Crime Agency, FCA, and ICO on this to gauge the impact on customers.
A spokesperson said:
The National Cyber Security Centre is working with Dixons Carphone and other agencies to understand how this data breach has affected people in the UK and advise on mitigation measures.
Anyone concerned about fraud or lost data should contact Action Fraud and we recommend that people are vigilant against any suspicious activity on their bank accounts.
The NCSC website offers advice to organisations about ensuring their online security is as robust as possible, including guidance on protecting bulk personal data from cyber attack.
Dixons Carphone chief executive, Alex Baldock, said: “We are extremely disappointed and sorry for any upset this may cause. The protection of our data has to be at the heart of our business, and we’ve fallen short here.
“We’ve taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.”
Read more: Cybersecurity start-up edges closer to unicorn status