Hackers break into Cex and steal customer records

Two million thought to be affected by cyber attack on gaming store

Cex security breach
(Image credit: 2009 Getty Images)

Hackers have stolen the personal data of up two million customers of the second-hand electronics retailer Cex due to an "online security breach".

The company says personal information such as first names, surnames, email addresses, home addresses and telephone numbers were leaked in the hack, as well as software-protected information of expired credit and debit cards "up to 2009."

Javvad Malik from the security firm Alien Vault told the BBC that it was "surprising" that Cex still stored customer card details "prior to 2009".

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE
https://cdn.mos.cms.futurecdn.net/flexiimages/jacafc5zvs1692883516.jpg

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

He added: "One would struggle to think of a legitimate business reason for storing expired card details."

But Cex says it stopped storing card data in 2009 and that any bank details stolen by hackers have "long since expired".

Customer data for the retailer's online shop, such as account usernames and passwords, are not believed to have been compromised in the attack, reports ZDnet.

But Cex is urging its customers to change their passwords online, "as well as any other online accounts where you may share the same password as a precautionary measure."

The second-hand retailer adds: "We take the protection of customer data extremely seriously and have always had a robust security programme in place which we continually reviewed and updated to meet the latest online threats."

The company says that it's working with the police and other "relevant authorities" to identify how the hackers bypassed its security systems.

Cex has emailed customers affected by the hack, but says it cannot share specific details of the security breach while the firm is under investigation.

Continue reading for free

We hope you're enjoying The Week's refreshingly open-minded journalism.

Subscribed to The Week? Register your account with the same email as your subscription.