SPECIAL REPORT | Second-hand games and electronics store CeX reported that it had been the victim of a massive data breach, issuing a statement to customers saying, “We have recently been subject to an online security breach. We are taking this extremely seriously and wanted to provide you with details of the situation and how it might affect you. We also wanted to reassure you that we are investigating this as a priority and are taking a number of measures to prevent this from happening again.”
Initially, two million registered customers were sent a Q&A to keep them informed and to advise them to change their passwords; separate reports say that it is around 2,000 customers who have had their data stolen – including some customer personal information such as first name, surname, addresses, email address and phone number if this was supplied.
CeX also said that any payment card data that may have been stolen in the attack “has long since expired” since it stopped storing financial data in 2009. However, the attackers could have taken encrypted data from expired credit and debit cards up to 2009 in a “small number of instances.”
The statement from CeX also says that, “We are aware that an unauthorised third party has accessed this data. We are working closely with the relevant authorities, including the police, with their investigation.”
It also confirmed that a cyber-security specialist has been employed, “… to review our processes. Together we have implemented additional advanced measures of security to prevent this from happening again.”
Dr Jamie Graves, CEO at ZoneFox, emailed SC to comment, “While customers might be experiencing hacking fatigue with the huge scale and stealth of these types of attacks, it’s important organisations ramp up their efforts to protect them now more than ever.”
Graves also praised the response, saying, “The way CeX has handled the incident by taking precautionary measures and instructing users of WeBuy.com to change their passwords is exactly how businesses should be handling the situation. The attack shows, once again, how companies of all sizes need to have a holistic approach to security and the need for a 360-degree visibility into what data is being moved around on and off the network. And what’s equally important is that your employees and clients are educated with a security-aware culture instilled to help close any gaps threats look to exploit.”
Read more about this incident at SCMAGAZINE