Second-hand electronics retailer CeX has been subject to an online security breach, with the attack affecting up to as many as two million customers.
The company says they are taking the matter ‘extremely seriously’, and has issued guidelines and advice for customers whose personal data may have been accessed.
The guidance states that CeX is contacting up to two million registered website customers as a ‘precautionary measure.’ As an online security breach, it states that no in-store personal membership information has been compromised.
In terms of financial data, the retailer assures customers that it has not stored credit and debit card information since 2009, meaning that any financial information still on its system will be in the form of expired card details. The company says that a ‘small amount’ of this encrypted data may have been compromised.
One point that CeX emphasises is the need for customers to update passwords. The guidance states: ‘Although your password has not been stored in plain text, if it is not particularly complex then it is possible that in time, a third party could still determine your original password and could attempt to use it across other, unrelated services.
‘As such, as a precautionary measure, we advise customers to change their password across other services where they may have re-used their WeBuy website password.’
Going forward, the company states that it’s taken steps to stop the same thing happening again. It is working with police and other ‘relevant authorities’ and has employed a cyber security specialist to review its security processes.
This is on top of what CeX stresses was always a robust security system, which it says was continually updated. The company does admit that this wasn’t enough, stating: ‘Clearly however, additional measures were required to prevent such a sophisticated breach occurring.’