Tech trade-in retailer CeX has suffered a data breach, which could affect top to two million of its registered website customers.
In an email to its customers, managing director David Mullins said it was investigating the breach “as a priority” and that they would be “taking a number of measures to prevent this from happening again.”
It is believed that the breach was a result of an unauthorised third party accessing CeX’s computer systems, with customer information including names, addresses, email details and phone numbers compromised.
The email by Mullins also stated that for “a small number of customers” the breach may also extend to encrypted data from expired credit cards up to 2009, although it was unlikely any payment information was taken as CeX ceased storing customer cards in 2009.
CeX is currently contacting two million of its registered website customers.
“We are taking this extremely seriously and want to provide you with details of the situation and how it might affect you,” Mullins said in the email.
“This was a sophisticated breach of security and we are working closely with the relevant authorities to help establish who was responsible. Our cyber security specialists have already put in place additional advanced measures to fix the problem and prevent this from happening again.”
CeX is asking all customers to change passwords for its Webuy online account.
“Although your password has not been stored in plain text, if it is not particularly complex then it is possible that in time, a third party could still determine your original password and could attempt to use it across other, unrelated services,” the email said. “As such, as a precautionary measure, we advise customers to change their password across other services where they may have re-used their WeBuy website password.
“We take the protection of customer data extremely seriously and have always had a robust security programme in place which we continually reviewed and updated to meet the latest online threats. Clearly however, additional measures were required to prevent such a sophisticated breach occurring and we have therefore employed a cyber security specialist to review our processes. Together we have implemented additional advanced measures of security to prevent this from happening again.”