Dixons Carphone now says ~8.8M more customers affected by 2017 breach

Dixons Carphone now says ~8.8M more customers affected by 2017 breach

A Dixons Carphone data breach that was disclosed earlier this summer was worse than initially reported. The company is now saying that personal data of 10 million customers could also have been accessed when its systems were hacked.

The European electronics and telecoms retailer believes its systems were accessed by unknown and unauthorized person/s in 2017, although it only disclosed the breach in June, after discovering it during a review of its security systems.

Last month it said 5.9M payment cards and 1.2M customer records had been accessed. But with its investigation into the breach “nearing completion”, it now says approximately 10M records containing personal data (but no financial information) may have been accessed last year — in addition to the 5.9M compromised payment cards it disclosed last month.

“While there is now evidence that some of this data may have left our systems, these records do not contain payment card or bank account details and there is no evidence that any fraud has resulted. We are continuing to keep the relevant authorities updated,” the company said in a statement.

In terms of what personal data the 10M records contained, a Dixons Carphone spokeswoman told us: “This continues to relate to personal data, and the types of data that may have been accessed are, for example, name, address or email address.”

The company says it’s taking the precaution of contacting all its customers — to apologize and advise them of “protective steps to minimize the risk of fraud”.

It adds it has no evidence that the unauthorized access is continuing, having taken steps to secure its systems when the breach was discovered last month, saying: “We continue to make improvements and investments at pace to our security environment through enhanced controls, monitoring and testing.”

Commenting in a statement, Dixons Carphone CEO, Alex Baldock, added: “Since our data security review uncovered last year’s breach, we’ve been working around the clock to put it right. That’s included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we’re updating on today.

“Again, we’re disappointed in having fallen short here, and very sorry for any distress we’ve caused our customers. I want to assure them that we remain fully committed to making their personal data safe with us.”

Back in 2015, Carphone Warehouse, a mobile division of Dixons Carphone, also suffered a hack which affected around 3M people. And in January the company was fined £400k by the ICO as a consequence of that earlier breach.

Since then new European Union regulations (GDPR) have come into force which greatly raise the maximum penalties which regulators can impose for serious data breaches.

Last month, following Dixon’s disclosure of the latest breach, the UK’s data watchdog, the ICO, told us it was liaising with the National Cyber Security Centre, the Financial Conduct Authority and other relevant agencies to ascertain the details and impact on customers.

Of the 5.9M payment cards which Dixons disclosed last month as having been compromised, it said the vast majority had been protected by chip and PIN technology. But around 105,000 lacked the security tech so Dixons said at the time could therefore have been compromised.

It’s the additional 1.2M records containing non-financial personal data — such as name, address or email address — that have been revised upwards now, to ~10M records, which constitutes almost half the Group’s customer base in the UK and Ireland.

The spokeswoman told us the Group has approximately 22M customers in the region.

Dixons Carphone now says ~8.8M more customers affected by 2017 breach
Source: TechCrunch

Grover raises €37M Series A to offer latest tech products as a subscription

Grover raises €37M Series A to offer latest tech products as a subscription

Grover, the Berlin-based startup that offers “pay-as-you-go” subscriptions to the latest consumer tech as an alternative to owning products outright, has raised €37 million in funding.

The Series A round is led by Circularity Capital LLP — a VC that specialises in the so-called “circular economy” — with participation from fintech investor Coparion, Samsung NEXT, and Varengold Bank. Existing investors, including Commerzbank’s Main Incubator, also followed on.

Noteworthy, the funding consists of €12 million in equity and a new €25 million debt facility. Building an inventory of new tech products to rent is quite capital insensitive, after all.

Targeting Germany only, for now (after withdrawing from the U.K. and pausing a soft launch in the U.S.), Grover wants to be something akin to Netflix for gadgets. It offers individual tech products by monthly, three-monthly or yearly subscription, or via its newly launched “Grover Mix” subscription, which has a fixed monthly price and lets you switch item at any time.

In addition, you are afforded some upside protection, should you wish to purchase the item after renting it first. You’re given the option to buy products with 30 percent of your subscription payments to date being deducted from the recommended retail price. For longer rental periods, Grover will also warn you if you are close to reaching 130 percent of the full purchase price and prompt you to consider buying it for €1.

The startup has also been trialling a B2B product aimed at burgeoning companies, dubbed “Startups get Grover”. This I’m told came about after demand from startups who, for example, want to subscribe to a bunch of Macbooks to give to new employees, and as an alternative to deploying upfront capital.

In a call with Grover founder and CEO Michael Cassau, he told me the new capital will be used to expand the company’s market leadership in Germany and re-boot international expansion in a bid to continue a current revenue growth rate of 20 percent per month. He said the startup had taken the decision in early 2017 to focus on Germany, temporarily abandoning internationalization, after it had signed a major partnership with German e-retailer MediaMarkt. It has since also partnered with Saturn, Gravis, Conrad, and Tchibo.

This sees Grover become a checkout option, alongside other payment buttons or financing offers. That way a customer can choose to rent a tech product via their favourite online store powered by Grover. Behind the scenes, Grover actually buys the product from the retailer, having put agreements in place with regards to what products fit the Grover model and aren’t already overstocked by Grover.

Alternatively, in some instances, Grover has a “re-circulation” deal in place so that a retailer can continue offering Grover as an option even if Grover has enough inventory already, and instead take a share of future subscription income. This works particularly well for slightly older products or items that are diminishing in popularity.

In addition to growing in Germany and future international ambitions, Cassau says that the startup plans to invest in the user experience of Grover, suggesting that it has room for improvement. This will include developing “new and innovative usage models,” while he also conceded that with further scale the company can get more customer aligned in terms of the products on offer and its subscription pricing.

At some point, if Grover’s subscription model becomes compelling enough, it’s hoped that purchasing many tech products will become so unattractive as to create Netflix-level changes in consumption behaviour. Or, at least, that’s the aim. In my case, that would mean spending far less time recycling things like smartphones and music technology gear on eBay as I tread a well-trodden and perpetual upgrade path.

Grover raises €37M Series A to offer latest tech products as a subscription
Source: TechCrunch

Tesla is making a $1500… surfboard?

Tesla is making a 00… surfboard?

Tesla is no stranger to branded merch. Its got the standard company swag — the hats, the shirts, and the mugs. It’s got quirkier stuff, like miniature Teslas for kids and USB chargers shaped like the Superchargers that juice up their vehicles.

And now they’ve got… surfboards?

While it’s now gone for some reason, a product page went live in its shop early this morning detailing a $1500 Tesla-branded board (we’ve asked Tesla for insight, but it sounds like they sold out.) Electrek caught the description before the page vanished:

“Designed by the Tesla Design Studio in collaboration with Lost Surfboards and Matt “Mayhem” Biolos, surfboard shaper for World Surf League Championship athletes. The Limited Edition Tesla Surfboard features a mix of the same high-quality matte and gloss finishes used on all our cars. The deck is reinforced with light-weight “Black Dart” carbon fiber, inspired by the interiors in our cars, and featuring tonal logos in subtle contrast gloss.”

(Update: the page is back up now, and it is, in fact, sold out)

While its unclear why the product page vanished, a Google cache of it is visible here, and a few people on Twitter mention being able to get orders in before it went down.

At $1500 before tax, the board is… certainly on the higher end of the surfboard pricing scale. A solid board from a company like JS or Ripcurl would cost you around $750. Most of the boards made by Lost (the company Tesla is doing the collab with here) go for around $700-800. But with a limited run of 200 boards, they’re probably going to sell out here anyway. My gut feeling is that many of these could end up being wall pieces or permanent roof rack accessories rather than shredding up the ocean — but who knows.

And for the curious surfers out there: based on Lost’s other “Black Dart” models, this board comes in at 6’8″ long. It doesn’t come with fins. The now-gone product page said all 200 boards should ship within 2-10 weeks.

Here’s all the photos that were on the product page:

Tesla is making a 00… surfboard?
Source: TechCrunch

Twitter will suspend repeat offenders posting abusive comments on Periscope live streams

Twitter will suspend repeat offenders posting abusive comments on Periscope live streams

As part of Twitter’s attempted crackdown on abusive behavior across its network, the company announced on Friday afternoon a new policy facing those who repeatedly harass, threaten or otherwise make abusive comments during a Periscope broadcaster’s live stream. According to Twitter, the company will begin to more aggressively enforce its Periscope Community Guidelines by reviewing and suspending accounts of habitual offenders.

The plans were announced via a Periscope blog post and tweet that said everyone should be able to feel safe watching live video.


Currently, Periscope’s comment moderation policy involves group moderation.

That is, when one viewer reports a comment as “abuse,” “spam” or selects “other reason,” Periscope’s software will then randomly select a few other viewers to take a look and decide if the comment is abuse, spam or if it looks okay. The randomness factor here prevents a person (or persons) from using the reporting feature to shut down conversations. Only if a majority of the randomly selected voters agree the comment is spam or abuse does the commenter get suspended.

However, this suspension would only disable their ability to chat during the broadcast itself — it didn’t prevent them from continuing to watch other live broadcasts and make further abusive remarks in the comments. Though they would risk the temporary ban by doing so, they could still disrupt the conversation, and make the video creator — and their community — feel threatened or otherwise harassed.

Twitter says that accounts that repeatedly get suspended for violating its guidelines will soon be reviewed and suspended. This enhanced enforcement begins on August 10, and is one of several other changes Twitter is making to its product across Periscope and Twitter focused on user safety.

To what extent those changes have been working is questionable. Twitter may have policies in place around online harassment and abuse, but its enforcement has been hit-or-miss. But ridding its platform of unwanted accounts — including spam, despite the impact to monthly active user numbers — is something the company must do for its long-term health. The fact that so much hate and abuse is seemingly tolerated or overlooked on Twitter has been an issue for some time, and the problem continues today. And it could be one of the factors in Twitter’s stagnant user growth. After all, who willingly signs up for harassment?

The company is at least attempting to address the problem, most recently by acquiring the anti-abuse technology provider Smyte. Its transition to Twitter didn’t go so well, but the technology it offers the company could help Twitter address abuse at a greater scale in the future.

Twitter will suspend repeat offenders posting abusive comments on Periscope live streams
Source: TechCrunch