STE WILLIAMS

Second-hand electronics dealership CeX has warned two million customers their personal information may have been stolen.

Several Reg readers dropped us a line after receiving an email from the company that informed them their personal information including first name, surname, address, email address and phone number had been accessed by hackers.

In some cases passwords were also stolen. The company says these were hashed, but warns – correctly – that weak passwords could still be cracked, so if you have reused one it’s time to make some changes.

“We take the protection of customer data extremely seriously and have always had a robust security programme in place which we continually reviewed and updated to meet the latest online threats,” CeX said in a statement.

“Clearly however, additional measures were required to prevent such a sophisticated breach occurring, and we have therefore employed a cybersecurity specialist to review our processes. Together we have implemented additional advanced measures of security to prevent this from happening again.”

Some credit and debit card data is also missing, but CeX says that’s not a problem because the store stopped taking that data in 2009, and so all of the cards have likely expired. CeX says it can’t share more details while investigations are continuing.

The data loss came as part of an “online security breach” – its in-store terminals weren’t affected. That’ll be a relief to those using the stores, since credit card-slurping point-of-sale malware is becoming increasingly common, particularly in the US. ®

Sponsored:
The Joy and Pain of Buying IT – Have Your Say

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/08/29/cex_servers_hacked/