Up to two million Cex customers had their data stolen in an online breach
The second-hand video games and gadget retailer revealed the stolen data included customers’ credit card information, phone numbers, email addresses, names and addresses.
The company said it is working with the police following the breach, after an “unauthorised third party” accessed the online account holder data.
Account details were likely to have expired, because the retailer stopped storing credit card information in 2009, making most of the data useless to criminals.
Javvad Malik from security firm AlienVault said to the BBC: “It’s surprising that Cex still stored customer card details prior to 2009.
“One would struggle to think of a legitimate business reason for storing expired card details.”
Affected customers have been sent an email offering guidance, and in-store data was not been affected.
Written by Leah Alger