European retailer CEX has suffered a security breach, with up to 2 million customers’ details at risk. The company says the data includes “some personal information such as first name, surname, addresses, email address, and phone number,” as well as “encrypted data from expired credit and debit cards up to 2009.”
CEX says it is liaising with “the relevant authorities, including the police,” regarding the hack, which was carried out by an “unauthorised third party.” It’s currently unclear precisely what data has been shared about specific customers, but the company is contacting up to 2 million people “as a precaution.” It also notes that no valid financial information has been lost as it stopped storing customers’ credit and debit card details in 2009.
The retailer claims no in-store customers should be affected, only online ones–and although passwords are not stored in plain text, customers are advised to create a new one as “a third party could still determine your original password and could attempt to use it across other, unrelated services.” Finally, the company states that if you do not receive an email containing recommended next steps, then your account is safe.
CEX specializes in second-hand video games, entertainment, and technology products, and is now one of the biggest entertainment retailers in the UK and Europe. It also owns a limited number of stores in the US. For more, check out CEX’s advice on the hack.