Second hand technology retailer CEX has revealed that over two million customers’ accounts have been illegally hacked from its database.
David Mullins, the retailer’s managing director, said encrypted data from debit and credit cards had been accessed but added that new card details had not been stored since 2009.
Personal data including names, addresses, emails and phone numbers have also been hacked in what Mullins described as a “sophisticated breach”.
“Our cyber security specialists have already put in place additional advanced measures to fix the problem and prevent this from happening again,” he said.
“We take the protection of customer data extremely seriously and have always had a robust security programme in place which we continually reviewed and updated to meet the latest online threats,” CEX wrote in its customer Q&A.
“Clearly however, additional measures were required to prevent such a sophisticated breach occurring and we have therefore employed a cyber security specialist to review our processes. Together we have implemented additional advanced measures of security to prevent this from happening again.”
The retailer has recommended that customers change their passwords both for their CEX accounts and elsewhere.