Carphone Warehouse Data Leak
12th August 2015
Another week, another data breach. This time it was the turn of Dixon's-owned Carphone Warehouse.
Over the weekend the phone company admitted that the hack has potentially led to the theft of unencrypted, sensitive data belonging to up to 2.4 million customers, including names, addresses, date of birth and bank details. In addition, encrypted credit card information belonging to up to 90,000 customers may have been stolen.
However, if Frank Abagnale of Catch Me If You Can Fame is right this is not a new crime. Recently he issued a warning to UK businesses that almost everyone in the country has already had their identity stolen by digital fraudsters. He claimed that data hacks that come to light often aren’t recent; they have taken place three or fours years earlier. This has serious repercussions, not just for ID fraud, but for deceased ID fraud. It is likely that of the 2.4 million customers affected some will have passed away since the hack actually took place. Theoretically, if only 0.5 per cent of customers had died in the intervening period between theft and discovery, that equates to 12,000 deceased records up for grabs.
Deceased data has a much higher market value than 'live' data as the fraud typically goes undetected for longer. In the UK organised criminal groups are selling lists of deceased individuals compiled from obituaries reported in the media. Software exists that can match the details of dead people with personal data that has been stolen, meaning that the Carphone Warehouse breach will provide rich pickings. As with traditional ID fraud all fraudsters need to do is apply for credit in the dead person’s name and use it to buy expensive items, like computers, pay as you go phones, designer clothes, that can be easily sold on the black market.
Whilst financial organisations have tightened up means of flagging deceased ID fraud most cases still go unchecked and thousands of pounds of bogus credit is used up each day. Data files, like our market leading file, Halo, exist that can flag people that have passed away meaning that fraudsters can be thwarted at the credit application stage, rather than once the credit has been issued. This has the potential to save millions of pounds each year in fraudulently obtained goods.