Cyber Incident Victim: DID Electrical

DID Electrical experienced a data security breach affecting its website, DID.ie, which was discovered during routine monthly checks. The company was notified late on Monday, June 27, 2016, that the site had been compromised by a sophisticated cyberattack. Forensic analysis determined the breach occurred between June 15 and June 26, 2016. The incident impacted 324 online customers exclusively, with no retail customers affected. Of these, 253 individuals had both personal/financial data and name/address details accessed, while 71 customers had only their name and address information exposed. The company identified and eliminated the unauthorized access point following detection. DID Electrical emphasized that customer security protocols triggered the discovery through scheduled monitoring activities, though the exact intrusion method wasn't disclosed publicly.

Upon confirmation of the breach on June 27, DID Electrical initiated containment measures overnight and throughout June 28 to assess the scope. Beginning Wednesday, June 29, the company contacted all 324 affected customers via phone and email, advising those with compromised financial data to review card statements since June 15 and report anomalies to their banks. All impacted customers were instructed to consider canceling and replacing payment cards used on the site. DID established a dedicated contact point for victim support and formally notified Ireland's Office of the Data Protection Commissioner and An Garda Síochána (national police). The retailer stated it would continue collaborating with third-party security providers to audit and reinforce website protections, maintaining coordination with authorities throughout the investigation. No operational disruptions or additional attack vectors were reported beyond the confirmed 11-day compromise window.