UK retailer CEX has been hit by a cyber attack, during which hackers may have made off with the personal information of up to two million customers. Leaked details include full names, addresses, phone numbers, email addresses and encrypted but expired credit/debit card information.
CEX confirmed the security breach this morning. The second hand store deals in second hand electronics and entertainment, such as video games and consoles. The store also sells smartphones and PCs. While personal, identifying information did make it out, CEX has not stored any payment card information from customers since 2009. With that in mind, any encrypted card information the hacker(s) did make off with will have expired by now.
The breach affects those registered on CEX’s website only, if you are just a regular in-store member, then your information is likely safe and sound. While you may think ‘so they have my details, who cares?’ A criminal can actually do quite a lot of damage with just a few of your personal details. With a name, full address, email and a bit of social engineering, a criminal could do quite a bit of damage.
With that in mind, if you were registered with CEX, now would be a good time to change passwords and also double check any ‘security’ related emails from services like PayPal, Apple etc as phishing scams often mask as security notices in an effort to gain access to your password.
In the meantime, CEX is working with authorities to figure out how this happened and who was behind it.
KitGuru Says: With online scams and identity fraud being so prevalent these days, protecting your personal information is very important. If you were registered with CEX, then just be extra careful when it comes to suspicious emails, texts or phone calls.