Second-hand games and gadget retailer Cex has reported that a breach of their online security has resulted in customer data being stolen, potentially affecting up to two million customers.
As reported by the BBC, Cex is calling it a "sophisticated breach" stressing that this affects online account holders, while clarifying that in-store data has not been affected. Compromised data includes names, address, email addresses, phone numbers and some credit card information, although credit card data has not been stored since 2009, meaning that most of these cards will have expired by now.
Cex says they're working with police over the breach and have employed a cyber-security specialist to review its systems. They're emailing all affected customers with guidance on how to proceed but recommend in the interim that anyone holding an online account with them changes their password; as an additional security measure, if you use the same password across multiple accounts we'd recommend changing your password across all affected accounts as well.
There is some concern over the fact that Cex retained any credit card information at all; the BBC quotes Javvad Malik of AlienVault saying that it's "surprising" — and that it's a "struggle to think of a legitimate business reason for storing expired credit card details".
Cex has released a full statement regarding the breach, along with contact information for anyone with questions.
Matt Davidson is a freelance writer for IGN. You can follow him over on Twitter.
Aucun commentaire:
Enregistrer un commentaire