In August of this year, the Carphone Warehouse store chain was the victim of a hacking operation. The hackers used a denial of service (DoS) attack to divert and steal in parallel the data concerning 2.4 million customers.
The data stolen were the customers’ names, addresses and dates of birth. For 90,000 of them, payment card numbers were also stolen. It seems that the hackers deployed a DoS attack against the Carphone Warehouse information system while penetrating the databases. The security personnel are thought to have been too busy restarting the systems to notice the exfiltration of data.
The use of a DoS attack as a diversion is not new, but seems to be increasing. Two signs may indicate that a DoS attack has been used for this purpose: the attack is powerful, but of limited duration, and the hackers make no demands or extortion attempts.