Warning to anyone who's used CeX as two million customer details leak

Phillip Cunningham
August 31, 2017

United Kingdom gaming chain CEX has apparently fallen victim to a large scale online data security data breach. The company does admit that this wasn't enough, stating: 'Clearly however, additional measures were required to prevent such a sophisticated breach occurring'.

Some two million customers of games retailer CeX have had their details stolen by hackers in a huge security breach. The company says the data includes "some personal information such as first name, surname, addresses, email address, and phone number", as well as "encrypted data from expired credit and debit cards up to 2009".

Encrypted card details were also likely to have been taken - although Cex stopped storing cards eight years ago.

It said those who do not receive an email have not had their data compromised.

The company has urged customers to change their password, especially if they reused their Cex password on other websites. The breach has potentially put 2 million customers at risk of their personal details being exposed.

Cex has urged customers to change their password especially if they reuse it for other websites
Cex has urged customers to change their password especially if they reuse it for other websites

With that in mind, if you were registered with CEX, now would be a good time to change passwords and also double check any "security" related emails from services like PayPal, Apple etc as phishing scams often mask as security notices in an effort to gain access to your password.

"Late previous year, we suffered what we believed to be a low-level breach in our online United Kingdom website security, along with a phishing attempt".

The company says an "unauthorised third party" accessed their online data.

Cex, which has more than 300 stores across the United Kingdom where people can trade in old games and gadgets, said it is working with police following the hack.

Javvad Malik from the security firm Alien Vault told the BBC that it was "surprising" that Cex still stored customer card details "prior to 2009". They're emailing all affected customers with guidance on how to proceed but recommend in the interim that anyone holding an online account with them changes their password; as an additional security measure, if you use the same password across multiple accounts we'd recommend changing your password across all affected accounts as well.

Other reports by

Discuss This Article