CeX, “Computer eXchange” or more recently “Complete Entertainment Exchange,” has said that it had suffered a data breach which included the taking of up to 2 million website customers “potentially” affected. The retailer which specialises in trade-ins and second-hand games and equipment said that the data includes “some personal information such as first name, surname, addresses, email address, and phone number,” as well as “encrypted data from expired credit and debit cards up to 2009.”
On the revelation that card information had been taken, CEX looked to calm fears by saying
We would like to make it clear that any payment card information that may have been taken, has long since expired as we stopped storing card data in 2009.
As credit and debit cards don’t have lifespans reaching that far back, the impact on any card data being taken is minimal compared to what it would have been if the card data was still valid.
The retailer also suggests that in-store customers would not have been affected, only those who have used the website in the past.
CeX suggests that anyone who has used the website head over to webuy.com and change their password along with any accounts on other services that might share the same login credentials as a precaution.
While CeX is primarily located in the UK, it does own and operate stores in Europe and the US.