CEX, the high-street retailer of second hand DVD’s, games and gadgets, has been hit with a data breach with up to two million customers having their data stolen.
The company has stated that the data stolen includes customers’ names, addresses, email addresses, phone numbers and in some cases, even old credit card information.
Although CEX stopped storing financial data in 2009, the hackers still stole encrypted data of expired credit and debit cards.
Customers have been advised to change their passwords, especially if they have reused their CEX password on other sites.
However, changing your password may not completely safeguard you from a phishing or cyber attack, so Mark James, ESET IT Security Specialist, gives advice on how to best avoid being caught in a scam.
“Any data breach is bad news, with more and more of our data ending up floating around the internet the chance of you receiving a spam or phishing email increases every single day.
“The information taken during this breach was personal data and passwords of up to two million customers.
“CEX stated “customers' names, physical addresses, email addresses and phone numbers were compromised in the attack” and as usual this is exactly the information that will be used for future scams.
“With some information like names and physical addresses you can’t change easily.
“It’s interesting to note that they stated that Hackers may have also swiped encrypted data from expired credit and debit cards up to 2009 in a "small number of instances."
“However any payment card data that may have been stolen in the attack "has long since expired" since they stopped storing financial data in 2009, but how many of the public actually know that?
“If an unsuspecting user received some correspondence to update their credit card details and used the old info as a qualifier there could be a few who may fall for it!
“As with any of these causes, always check any account information and passwords associated with the company that has been breached.
“Change your passwords immediately and be aware of anyone contacting you relating to the information stolen.
“If you are contacted by phone do not hand over any new information and hang up immediately.
“Be extra wary of emails asking you to validate any information over email or web and if in doubt always ask the originating company for verification before proceeding.”
Are you a CEX customer? Does a breach like this worry you? Let us know on Twitter @ESETUK.
Join the ESET UK LinkedIn Group and stay up to date with the blog. If you are interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.