LONDON — Electronics retailer CeX has been hacked, and up to 2 million customers may be affected.
In an online statement, the British second-hand goods company warned that it has “recently been subject to an online security breach,” and that “as a precautionary measure we are contacting up to two million of our registered website customers who could potentially be affected.”
Data stolen includes names, addresses, email addresses, phone numbers, and encrypted data from credit and debit cards (these are expired and the data is from 2009 and earlier, it says).
The firm is also recommending that affected customers change their passwords if they reused it across multiple accounts and services.
CeX has 575 stores worldwide, including 363 in the UK, and sells pre-owned video games and consoles, smartphones, computers, tablets, movies, and other electronic products.
Here’s the email CeX has been sending to its customers:
The company is vague on the specifics of the hack, saying only that ” an unauthorised third party has accessed this data” and that it was “sophisticated.” It is working with authorities, including the police, to investigate, it says.
“We take the protection of customer data extremely seriously and have always had a robust security programme in place which we continually reviewed and updated to meet the latest online threats,” it said in its statement.
“Clearly however, additional measures were required to prevent such a sophisticated breach occurring and we have therefore employed a cyber security specialist to review our processes. Together we have implemented additional advanced measures of security to prevent this from happening again.”