Million CeX Customers Affected in 'Sophisticated' Data Breach

Posted August 31, 2017

It now appears the data breach only affects those who have made online transactions through the CEX website, and not the data of those who created in-store membership cards.

The company said it is working with the police following the breach, after an "unauthorised third party" accessed the online account holder data.

United Kingdom shop CEX recently suffered an online security breach that may affect up to two million of its customers.

In an online statement, the retailer revealed that the personal information compromised could include first name, surname, address, email address and phone number, if the customer supplied them. CEX stressed that it did not have any current card data stored for customers' accounts as it ceased storing customer card details in 2009.

Data breaches have affected a number of online retailers in the past and they could be subject to larger fines in the future once the EU's GDPR legislation comes into force in 2018. "Together we have implemented additional advanced measures of security to prevent this from happening again", the company added.

CeX advised people affected by the breach to change their passwords on any site that uses a similar password.

If you've ever sold games or used phones via second-hand electronics dealer CeX's website, you should probably change your passwords right now.

The company says they are taking the matter "extremely seriously", and has issued guidelines and advice for customers whose personal data may have been accessed.

HI TEC pawnbroker CeX has announced a breach of its online systems which could expose details of 2m users.

Only online customers are affected, not those who signed up for a membership card in store.

CeX has 575 stores worldwide, including 363 in the United Kingdom, and sells pre-owned video games and consoles, smartphones, computers, tablets, movies, and other electronic products.

Javvad Malik from the security firm Alien Vault told the BBC that it was "surprising" that Cex still stored customer card details "prior to 2009".