IRS Data Breach May Have Compromised 100,000 Taxpayer Accounts
August 30, 2017 by

Retailer CeX Data Breach Sees Two Million Customer Records Compromised

Second-hand electronics retailer CeX has admitted it was the target of a significant “online security breach” that may have resulted in the theft of two million customers’ personal records.

The UK-based retailer, founded in 1992, said customers’ names, email addresses, phone numbers and even physical addresses were compromised after “an unauthorized third party” accessed the data. Furthermore, the company also added that a “small amount” of encrypted data from expired credit and debit cards could have also been compromised. CeX contends that the payment card information belongs to expired cards, with the retailer taking a turn in 2009 to quit storing financial data.

CeX did not reveal how the attack took place or provide any hints towards the instigators of the attack. A forensic investigation is currently underway. Notably, the retailer added that the perpetrator of the attacks could gain access to users’ account passwords, thereby urging those affected to change or update their credentials as a precautionary measure. The passwords, CeX adds, were hashed and encrypted.

CeX wrote:

Although your password has not been stored in plain text, if it is not particularly complex then it is possible that in time, a third party could still determine your original password and could attempt to use it across other, unrelated services. 

An investigation is currently underway with relevant authorities, including the police, participating. A “cyber security specialist” is also looking into review the company’s data security integrity and investigative process.

“We take the protection of customer data extremely seriously and have always had a robust security programme in place which we continually reviewed and updated to meet the latest online threats,” the firm wrote. “Clearly however, additional measures were required to prevent such a sophisticated breach occurring and we have therefore employed a cyber security specialist to review the process.”

Image credit: Pixabay.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.