The store, which specialises in buying and reselling old games and electronic equipment suffered a large data breach at the hands of hackers. In an email to customers this morning, the retailer said it was investigating the breach "as a priority" and promised it was "taking a number of measures to prevent this from happening again".
Hackers have stolen the personal data of up two million customers of the second-hand electronics retailer Cex due to an "online security breach". The data could also include encrypted credit and debit card numbers, but since CeX hasn't stored card details since 2009, any cards on record are likely to have expired.
The data that was compromised was online-only.
The retailer is now working with the police and other relevant authorities to find out who conducted the cyber-attack and exactly how much data was stolen. The breach has potentially put 2 million customers at risk of their personal details being exposed.
"No further financial information has been shared", CeX said in a statement, noting that there is now no indication that in-store personal membership information has been compromised.
Affected customers have been sent an email offering guidance, and are being advised to change their password - especially if used on other websites. "Together we have implemented additional advanced measures of security to prevent this from happening again", the company added.
CEX specializes in second-hand video games, entertainment, and technology products, and is now one of the biggest entertainment retailers in the United Kingdom and Europe. "One would struggle to think of a legitimate business reason for storing expired card details and would appear to go against the Data Protection Act principles of adequacy and relevancy". Never the less, the chain has told people to change the passwords on their account and any other services that use the same log-in details.