CeX Admits Data Breach Could Impact 2m Online Customers

Entertainment retailer CeX has admitted a data breach which saw the personal information of as many as two million of its online customers stolen.

The firm, founded as ‘Computer Exchange’ on London’s Tottenham Court Road in 1992, has more than 350 stores in the UK. However none of these have been affected and the in-store personal membership information has been compromised.

“We have recently been subject to an online security breach,” CeX told customers. “We are taking this extremely seriously and wanted to provide you with details of the situation and how it might affect you. We also wanted to reassure you that we are investigating this as a priority and are taking a number of measures to prevent this from happening again.”

CeX data breach

CeX says it is unclear who accessed the data, but suggests first name, surname, addresses, email address and phone numbers of customers of ‘webuy.com’ have been stolen.

It adds that although passwords were encrypted, users should change these in case they are not complex enough not to be cracked.

There is also a chance that payment information has been stolen, although this is limited to expired credit and debit card details. CeX stopped storing financial data in 2009, so anything used after that date should be fine.

“We take the protection of customer data extremely seriously and have always had a robust security programme in place which we continually reviewed and updated to meet the latest online threats,” CeX added.

“Clearly however, additional measures were required to prevent such a sophisticated breach occurring and we have therefore employed a cyber security specialist to review our processes. Together we have implemented additional advanced measures of security to prevent this from happening again.”

If customers haven’t been emailed, they are unaffected.

Loading ...

GDPR future

Data breaches have affected a number of online retailers in the past and they could be subject to larger fines in the future once the EU’s GDPR legislation comes into force in 2018. GDPR will become UK law before Brexit and firms could face fines of up to £17 million or four percent of global turnover if adequate measures are not taken.

“It is another reminder that all data, particularly customer data needs protecting by companies of all sizes,” said Javvad Malik from security firm AlienVault.

“This protection includes, not only having threat detection and response capabilities, but also to look at the appropriateness of the data that is stored. It’s surprising that CeX still stored customer card details prior to 2009. One would struggle to think of a legitimate business reason for storing expired card details and would appear to go against the Data Protection Act principles of adequacy and relevancy.”

“With GDPR looming, it is essential that companies take a hard look at the data it stores and processes and for what purposes.”

Quiz: What do you know about cybersecurity in 2017?

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

1 hour ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

3 hours ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

18 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

21 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

22 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

23 hours ago