Hackers have stolen the personal data of up two million customers of the second-hand electronics retailer Cex due to an "online security breach".
The company says personal information such as first names, surnames, email addresses, home addresses and telephone numbers were leaked in the hack, as well as software-protected information of expired credit and debit cards "up to 2009."
Javvad Malik from the security firm Alien Vault told the BBC that it was "surprising" that Cex still stored customer card details "prior to 2009".
The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
He added: "One would struggle to think of a legitimate business reason for storing expired card details."
But Cex says it stopped storing card data in 2009 and that any bank details stolen by hackers have "long since expired".
Customer data for the retailer's online shop, such as account usernames and passwords, are not believed to have been compromised in the attack, reports ZDnet.
But Cex is urging its customers to change their passwords online, "as well as any other online accounts where you may share the same password as a precautionary measure."
The second-hand retailer adds: "We take the protection of customer data extremely seriously and have always had a robust security programme in place which we continually reviewed and updated to meet the latest online threats."
The company says that it's working with the police and other "relevant authorities" to identify how the hackers bypassed its security systems.
Cex has emailed customers affected by the hack, but says it cannot share specific details of the security breach while the firm is under investigation.
-
Political cartoons for October 26Cartoons Sunday’s editorial cartoons include Young Republicans group chat, Louvre robbery, and more
-
Why Britain is struggling to stop the ransomware cyberattacksThe Explainer New business models have greatly lowered barriers to entry for criminal hackers
-
Greene’s rebellion: a Maga hardliner turns against TrumpIn the Spotlight The Georgia congresswoman’s independent streak has ‘not gone unnoticed’ by the president
-
Why Britain is struggling to stop the ransomware cyberattacks
The Explainer New business models have greatly lowered barriers to entry for criminal hackers
-
Who are the new-wave hackers bringing the world to a halt?The Explainer Individual groups and nations are beginning to form concerning partnerships with new ways to commit cybercrime
-
Jaguar Land Rover’s cyber bailoutTalking Point Should the government do more to protect business from the ‘cyber shockwave’?
-
Airplane crash-detection systems could be vulnerable to hackersUnder the Radar 'The idea scares the shit out of me,' one pilot said
-
Elon Musk's DOGE website has gotten off to a bad startIn the Spotlight The site was reportedly able to be edited by anyone when it first came online
-
The Internet Archive is under attackUnder the Radar The non-profit behind open access digital library was hit with both a data breach and a stream of DDoS attacks in one week
-
How cybercriminals are hacking into the heart of the US economySpeed Read Ransomware attacks have become a global epidemic, with more than $18.6bn paid in ransoms in 2020
-
Language-learning apps speak the right lingo for UK subscribersSpeed Read Locked-down Brits turn to online lessons as a new hobby and way to upskill
