Data breach at CEX

HonourlessWeasel

For anyone who hasn't seen or perhaps hasn't received an email but does have an online account with CEX, they have experienced a data breach which they've announced tonight.

This is the text of the email I received:

Dear Customer,
We are writing to inform you that unfortunately we have recently been subject to an online security breach. We are taking this extremely seriously and want to provide you with details of the situation and how it might affect you. We also want to reassure you that we are investigating this as a priority and are taking a number of measures to prevent this from happening again.

The situation
As a result of a breach of security in which an unauthorised third party accessed our computer systems, we believe that some customer data has been compromised. This includes personal information, and, for a small number of customers, it also includes encrypted data from expired credit or debit cards. As a customer of CeX, there is a possibility this might affect you.

Please note, we did not have any card data stored for your account. We ceased storing customer card details in 2009.

What we’ve done about it
This was a sophisticated breach of security and we are working closely with the relevant authorities to help establish who was responsible. Our cyber security specialists have already put in place additional advanced measures to fix the problem and prevent this from happening again.

What we suggest you do?

• Although we have put in place additional security measures, we recommend that you change the password for your webuy online account.
• If you used the same password elsewhere, we also suggest that you change your password for those accounts.

Further details on this issue are provided in a Q&A below. If you have additional questions, please email us at: where we will be compiling the most frequently asked questions, which will then be updated via

We apologise for inconvenience this may cause.
Yours sincerely,
David Mullins
Managing Director

I've seen a couple of websites mention it - it'll probably appear on The Register tomorrow. I'm not, as yet, allowed to post with links which is why this email looks slightly incomplete, but it is available on the CeX website at /guidance/

Johnmcl7

The Register have it up:

https://www.theregister.co.uk/2017/08/29/cex_servers_hacked/

I've just double checked my account but no CC data there thankfully as they've said.

John

HonourlessWeasel

I logged in to my account to find that since I last used it my address, my email address and my name have all changed (not by someone else, but because I've married, moved house etc.) so I changed the password and sorted it out as I'll probably use the account again in the future.

The story has now made it to the BBC and other news outlets too. Knew I could rely on El Reg :T