In a recent cyber attack on second-hand electronics dealer CeX, the hackers may have stolen personal details of as many as two million customers. The stolen data include names, email addresses, phone numbers, and, in some cases, passwords. The passwords were hashed by the company but it warned the users to change the reused passwords as a weaker password can still be vulnerable.
The hackers were able to access some of the credit and debit card data but the company ruled out the occurrence of any problem saying that in all likelihood the cards have expired as the store had stopped taking that data since 2009. The breach did not impact the company’s physical stores.
CeX did not elaborate on the details of the hacks as they are still investigating the incident. CeX released a statement that said, “We take the protection of customer data extremely seriously and have always had a robust security programme in place which we continually reviewed and updated to meet the latest online threats. Clearly, however, additional measures were required to prevent such a sophisticated breach occurring, and we have therefore employed a cybersecurity specialist to review our processes. Together we have implemented additional advanced measures of security to prevent this from happening again.”