Cyberthieves broke into the IT systems of Carphone Warehouse, a large cell phone retailer in the U.K., and may have stolen personal and bank data of up to 2.4 million customers and the credit card details of up to 90,000 customers.
Specifically, the division that was attacked operates the OneStopPhoneShop.com, e2save.com and Mobiles.co.uk websites, and provides services to iD Mobile, TalkTalk Mobile, Talk Mobile and some customers of Carphone Warehouse, the company said Saturday in an emailed statement.
The attack, which the company described as "sophisticated," was discovered Wednesday afternoon, and likely happened at some point in the two weeks prior to the discovery. Carphone Warehouse has secured the breached systems, put in place additional safety measures and hired a security company to determine what data was compromised. It is also notifying customers that could be affected.
Compromised data could include names, addresses, dates of birth and bank account information. The credit card details at risk were encrypted. Sebastian James, CEO of parent company Dixons Carphone, apologized, saying he is "very sorry that people have been affected by this attack on our systems."
The attackers didn't access customer data from Currys nor from PCWorld, and they didn't get to "the vast majority" of Carphone Warehouse customer data. That information is held on separate systems that weren't breached.
Still, Alan Woodward, an adviser to EU law enforcement agency Europol and a visiting cyber security lecturer at Surrey University told The Independent that the Carphone Warehouse attack is "one of the biggest we've seen in the last few years" in the U.K.
"British firms are increasingly a target after the big hacks in America of Target and eBay," Woodward told the newspaper.
Juan Carlos Perez covers enterprise communication/collaboration suites, operating systems, browsers and general technology breaking news for The IDG News Service. Follow Juan on Twitter at @JuanCPerezIDG.