STE WILLIAMS

Pawnbroking and secondhand goods outlet Cash Converters has suffered a data breach.

Customers were notified of the leak on Thursday by email, samples of which have been posted on social media.

Cash Converters said it had discovered that a third party gained unauthorised access to customer data within the company’s UK webshop.

Credit card data was not stored. However, hackers may have accessed user records including personal details, passwords, and purchase history from a website that was run by a third party and decommissioned back in September. The current webshop site is not affected, the firm said.

Cash Converters said it has reported the incident to authorities in the UK and Australia alongside launching an urgent investigation itself and taking steps to safeguard its site.

Troy Hunt‏, the researcher behind the popular haveibeenpwned breach notification site, said on Thursday that he wasn’t previously aware of the problem but the incident did bear the hallmarks of a breach at Cash Converters.

El Reg asked Cash Converters to comment but we’re yet to hear back. We’ll update this story as and when we hear more.

A spokesman for the ICO confirmed it was looking into the reported breach. “We’re aware of an incident at Cash Converters UK and will be making enquiries,” he said. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/11/16/cash_converters_breach/