Hackers walked away with names, addresses and phone numbers of 2 million CeX customers but no financial details were stolen.
In an e-mail to affected customers yesterday (Tuesday, August 29), CeX confirmed that they had suffered an online security breach that compromised personal data belonging to millions of customers.
Hackers behind the cyber-attack could not get their hands on any financial data but managed to compromise encrypted data from expired credit or debit cards that CeX stored prior to 2009.
Data compromised by the hackers includes first names, surnames, addresses, email addresses and phone numbers of registered CeX customers.
Following the breach, CeX admitted that even though they had a robust security programme in place, additional measures were required to prevent such a sophisticated attack.
The same have been implemented by the retailer with the help of a cyber-security specialist.
CeX has advised all registered users to immediately change the passwords for their webuy online accounts and to ensure that the old passwords weren’t used in any other accounts.
“Although your password has not been stored in plain text, if it is not particularly complex then it is possible that in time, a third party could still determine your original password and could attempt to use it across other, unrelated services.
“As such, as a precautionary measure, we advise customers to change their password across other services where they may have re-used their WeBuy website password,” the retailer said.
The retailer is now working with the police and other relevant authorities to find out who conducted the cyber-attack and exactly how much data was stolen.
CEX has stores in Bognor Regis, Brighton, Chichester, Crawley, East Grinstead, Eastbourne, Hastings, Horsham, Hove, and Worthing.