Game Retailer CEX Potentially Leaked Personal Information of 2 Million Customers After Breach
CeX, a gaming retailer that offers second-hand titles, have admitted to an "online security breach." The intrusion may have put up to two million customer accounts and the personal information contained in them at risk.
The retail company has sent emails to their customers, informing them that personal information tied to their CeX accounts, including full names, addresses, email addresses and phone numbers, may have been collected by intruders breaking into their servers.
Financial pieces of information, like credit card numbers, were also stolen "in a small number of instances," CeX admits, according to Engadget. These cases were limited, however, by the fact that the retailer has included encrypted data on credit and debit cards up to 2009, making most if not all of those expired by now.
Get Our Latest News for FREE
The attack was fortunately contained to the CeX website, and damage was limited, thanks to the fact that the site stopped collecting credit and debit details years ago. Their database holding membership information looks to be untouched.
All the same, CeX warns its customers to change their login details for their CeX store accounts, as well as their other accounts that use the same passwords. The company joins other large-scale establishments that have admitted to falling victim to online security breaches, alongside the U.K. Parliament and TalkTalk. It's a situation that the retailer is actively working to remedy.
"Additional measures were required to prevent such a sophisticated breach occurring and we have therefore employed a cyber security specialist to review our processes," a CeX representative said in a statement. The company is now working with the police after the breach, according to BBC.
"Together we have implemented additional advanced measures of security to prevent this from happening again," the company added.
Users who received an email from CeX will do well to heed the company's advice, although it does not necessarily mean that their information has been among those stolen in the attack.
