CeX retail customers have their data stolen in online security breach

31 Aug 2017

Image: Portrait Images Asia by Nonwarit/Shutterstock

CeX has suffered a data breach, with up to 2m customers affected.

Customers of CeX – a second-hand retailer of games and gadgets that also runs online marketplace WeBuy – have fallen victim to a serious incident of data theft.

According to a statement on the company website, the data stolen includes names, physical addresses, phone numbers and credit card information.

The credit card data seized is now inactive, as the company had stopped storing this information in 2009, making it useless to criminals.

‘We take the protection of customer data extremely seriously and have always had a robust security programme in place, which we continually reviewed and updated to meet the latest online threats’
– CEX

CeX is urging customers to up the personal security ante.

It said: “Although your password has not been stored in plain text, if it is not particularly complex, then it is possible that in time, a third party could still determine your original password and could attempt to use it across other, unrelated services.

“As such, as a precautionary measure, we advise customers to change their password across other services where they may have reused their WeBuy website password.”

CeX is not in a position as of yet to divulge what data has been shared by hackers, but it is collaborating with police to investigate the source of the breach.

Future security

CeX said: “We take the protection of customer data extremely seriously and have always had a robust security programme in place, which we continually reviewed and updated to meet the latest online threats.

“Clearly, however, additional measures were required to prevent such a sophisticated breach occurring and we have therefore employed a cybersecurity specialist to review our processes.

“Together, we have implemented additional advanced measures of security to prevent this from happening again.”

As with all breaches containing sensitive data, customers are advised to exercise caution when it comes to emails or phone calls that seem out of place, and to avoid reusing passwords for multiple online accounts.

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects

editorial@siliconrepublic.com