Hackers break into Cex and steal customer records

Hackers have stolen the personal data of up two million customers of the second-hand electronics retailer Cex due to an "online security breach".

The company says personal information such as first names, surnames, email addresses, home addresses and telephone numbers were leaked in the hack, as well as software-protected information of expired credit and debit cards "up to 2009."

Javvad Malik from the security firm Alien Vault told the BBC that it was "surprising" that Cex still stored customer card details "prior to 2009".

He added: "One would struggle to think of a legitimate business reason for storing expired card details."

But Cex says it stopped storing card data in 2009 and that any bank details stolen by hackers have "long since expired".

Customer data for the retailer's online shop, such as account usernames and passwords, are not believed to have been compromised in the attack, reports ZDnet. 

But Cex is urging its customers to change their passwords online, "as well as any other online accounts where you may share the same password as a precautionary measure."

The second-hand retailer adds: "We take the protection of customer data extremely seriously and have always had a robust security programme in place which we continually reviewed and updated to meet the latest online threats."

The company says that it's working with the police and other "relevant authorities" to identify how the hackers bypassed its security systems.

Cex has emailed customers affected by the hack, but says it cannot share specific details of the security breach while the firm is under investigation.