📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

Data breach at CEX

Options
For anyone who hasn't seen or perhaps hasn't received an email but does have an online account with CEX, they have experienced a data breach which they've announced tonight.

This is the text of the email I received:
Dear Customer,
We are writing to inform you that unfortunately we have recently been subject to an online security breach. We are taking this extremely seriously and want to provide you with details of the situation and how it might affect you. We also want to reassure you that we are investigating this as a priority and are taking a number of measures to prevent this from happening again.

The situation
As a result of a breach of security in which an unauthorised third party accessed our computer systems, we believe that some customer data has been compromised. This includes personal information, and, for a small number of customers, it also includes encrypted data from expired credit or debit cards. As a customer of CeX, there is a possibility this might affect you.

Please note, we did not have any card data stored for your account. We ceased storing customer card details in 2009.

What we’ve done about it
This was a sophisticated breach of security and we are working closely with the relevant authorities to help establish who was responsible. Our cyber security specialists have already put in place additional advanced measures to fix the problem and prevent this from happening again.

What we suggest you do?
  • Although we have put in place additional security measures, we recommend that you change the password for your webuy online account.
  • If you used the same password elsewhere, we also suggest that you change your password for those accounts.
Further details on this issue are provided in a Q&A below. If you have additional questions, please email us at: where we will be compiling the most frequently asked questions, which will then be updated via

We apologise for inconvenience this may cause.
Yours sincerely,
David Mullins
Managing Director
I've seen a couple of websites mention it - it'll probably appear on The Register tomorrow. I'm not, as yet, allowed to post with links which is why this email looks slightly incomplete, but it is available on the CeX website at /guidance/

Comments

  • Johnmcl7
    Johnmcl7 Posts: 2,839 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    The Register have it up:

    https://www.theregister.co.uk/2017/08/29/cex_servers_hacked/

    I've just double checked my account but no CC data there thankfully as they've said.

    John
  • I logged in to my account to find that since I last used it my address, my email address and my name have all changed (not by someone else, but because I've married, moved house etc.) so I changed the password and sorted it out as I'll probably use the account again in the future.

    The story has now made it to the BBC and other news outlets too. Knew I could rely on El Reg :T
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 351K Banking & Borrowing
  • 253.1K Reduce Debt & Boost Income
  • 453.6K Spending & Discounts
  • 244.1K Work, Benefits & Business
  • 599K Mortgages, Homes & Bills
  • 177K Life & Family
  • 257.4K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.