Retailer CEX suffers data hack with 2m accounts affected

Second-hand retailer says only expired credit cards were obtained

UK second-hand games retailer CEX has warned customers that some 2m customer accounts have been accessed illegally.

The online security breach has seen hackers obtain personal information and 'encrypted data from expired credit or debit cards'. It says it hasn't stored customer card details since 2009. "This was a sophisticated breach of security and we are working closely with the relevant authorities to help establish who was responsible," said MD David Mullins in an email to customers.

"Our cyber security specialists have already put in place additional advanced measures to fix the problem and prevent this from happening again."

He goes on to recommend customers change their passwords both on his website and elsewhere.

The personal information that has been made available are names, addresses, emails and phone numbers.

"We take the protection of customer data extremely seriously and have always had a robust security programme in place which we continually reviewed and updated to meet the latest online threats," CEX wrote in its customer Q&A.

"Clearly however, additional measures were required to prevent such a sophisticated breach occurring and we have therefore employed a cyber security specialist to review our processes. Together we have implemented additional advanced measures of security to prevent this from happening again."

More stories

CEX staff report concerns as stores re-open

Employees take issue with inconsistent rules, no quarantine period on trade-ins, no reduction in opening hours

By Brendan Sinclair

UK games retail shifts online as government orders closure of all non-essential stores

CEX, GAME, Argos and more shut their High Street branches to prevent the spread of coronavirus

By James Batchelor

Latest comments

Sign in to contribute

Need an account? Register now.