Video game retailer Cex has said up to two million customers have had their data stolen in an online breach and urged them to change their passwords.
The company buys and sells second-hand games, consoles and gadgets through its Cex-branded high street stores and webuy.com website.
It said customers’ names, addresses, email addresses, phone numbers and encrypted data from expired credit and debit cards had been taken by “an unauthorised third party”.
It clarified in a statement: 鈥淲e would like to make it clear that any payment card information that may have been taken, has long since expired as we stopped storing financial data in 2009.鈥 The company said it was working with the police following the breach and had notified affected customers through an email.
The statement continued: 鈥淲e are taking this extremely seriously and wanted to provide you with details of the situation and how it might affect you.
鈥淎lthough your password has not been stored in plain text, if it is not particularly complex then it is possible that in time, a third party could still determine your original password and could attempt to use it across other, unrelated services.
鈥淎s such, as a precautionary measure, we advise customers to change their password across other services where they may have re-used their WeBuy website password.
鈥淲e take the protection of customer data extremely seriously and have always had a robust security programme in place which we continually reviewed and updated to meet the latest online threats.
鈥淐learly however, additional measures were required to prevent such a sophisticated breach occurring and we have therefore employed a cyber security specialist to review our processes.
鈥淭ogether we have implemented additional advanced measures of security to prevent this from happening again.
鈥淚f you have any questions, please don鈥檛 hesitate to email us at:聽guidance@webuy.com.
鈥淚f you do not receive an email, your account is not affected.鈥