The cyber attack on UK mobile phone retailer Carphone Warehouse, which saw hackers steal the personal details of up to 2.4 million customers, is unlikely to impact the insurance market, The Insurance Insider understands.
Broking and underwriting sources in the cyber market have indicated that Carphone Warehouse did not have a specific cyber policy in place at the time of the breach, and that any subsequent claims would therefore fall solely on the retailer.
However, any loss is likely to be relatively small, with underwriters estimating loss costs at between £5mn and £10mn ($7.8mn-$15.6mn).
Carphone Warehouse may also face a fine from the Information Commissioner’s Office, the UK regulator responsible for personal data protection. The watchdog can impose fines of up to £500,000 if a company is found to have not done enough to protect its customers’ personal information.
The 5 August attack occurred after hackers swamped Carphone Warehouse’s systems with junk traffic, which acted as a smokescreen allowing them to break into the network and steal the personal details – including bank and credit card information – of more than 2.4 million customers, according to a report in the Daily Telegraph.
Christian Davies, a broker at Safeonline, told The Insurance Insider: “This is the first major cyber breach of a retailer in the UK since the media’s interest in cyber has taken off. With regards to how this might play out, apparently the breach was discovered three days before it was made public, which would potentially fall foul of the expected new EU data legislation,” he said.
“The after effects of this breach might be tricky; as notification was made via email, this should mitigate notification costs as per the US, and credit monitoring seems to have been advised.”
This isn’t the first time a UK telecoms company has been targeted by hackers: in late 2014, broadband provider TalkTalk suffered a similar data breach.
Fraudsters pretending to work at the company telephoned customers, quoting them their TalkTalk account numbers and other personal data. Having gained the victims’ trust, the fraudsters were able to extract thousands of pounds from their bank accounts in several cases.
TalkTalk refused calls for compensation and denied any liability. TalkTalk used to be part of the Carphone Warehouse group until the two demerged in 2010.
The two firms still have close commercial ties and may share similar back office systems. Up to 480,000 TalkTalk Mobile customers are thought to have been affected by this month’s breach.
Dixons Carphone – the company that owns Carphone Warehouse following the firms’ merger in 2014 – declined to comment.
Read the full article here.