UK second-hand games retailer CEX has warned customers that some 2m customer accounts have been accessed illegally.
The online security breach has seen hackers obtain personal information and 'encrypted data from expired credit or debit cards'. It says it hasn't stored customer card details since 2009. "This was a sophisticated breach of security and we are working closely with the relevant authorities to help establish who was responsible," said MD David Mullins in an email to customers.
"Our cyber security specialists have already put in place additional advanced measures to fix the problem and prevent this from happening again."
He goes on to recommend customers change their passwords both on his website and elsewhere.
The personal information that has been made available are names, addresses, emails and phone numbers.
"We take the protection of customer data extremely seriously and have always had a robust security programme in place which we continually reviewed and updated to meet the latest online threats," CEX wrote in its customer Q&A.
"Clearly however, additional measures were required to prevent such a sophisticated breach occurring and we have therefore employed a cyber security specialist to review our processes. Together we have implemented additional advanced measures of security to prevent this from happening again."