CeX, a popular retailer of electronic goods and gadgets, has been subjected to a major cyber attack in which the data sitting on the company’s servers was compromised.
During the incident, CeX communicated to its customers that the site had been affected by a hack and that there had been a data breach.
CeX admitted that the attackers stole the personal details of as many as two million customers.
The company has advised those within its customer base to reset their passwords as soon as possible.
Latest Financial Data Not Compromised
According to the statement issued by CeX, the company had stopped retaining any financial data relating to customers’ transactions on its site from 2009 onwards and whatever details the hackers have stolen during the cyber attack were dated before that year.
While this may be taken to understand the credit and debit cards stolen in the hack must have been expired, some other details like the names, addresses, phone numbers and even email IDs have also been stolen in the cyber attack—something CeX could have prevented from happening in the first place.
The company could only say that an “unauthorized thirty party” perpetrated the cyber attack. Customers have to hope that their financial information has also been saved from the data breach.
An Organization with a 25-Year Presence
CeX’s presence in the electronics goods industry dates back some 25 years ago, with physical brick-and-mortar stores in several countries. The company has locations in the U.S., the U.K., Spain, Ireland, Australia, Portugal, the Netherlands, Mexico, Poland and India.
And in addition to these stores, there’s an online outlet that deals in secondhand goods, WeBuy.com.
This business buys used electronic devices from customers to refurbish and sell them back online.
It is therefore not surprising that the number of customers it has on its books is as high as two million plus.
Addressing the Customers Directly
One positive outcome of this cyber attack has been that CeX immediately sent a detailed statement to all its customers to inform them about the hack and advise that they reset their password as a mode of precaution.
After reassuring the customers that their financial data was not stored on the servers affected by the cyber attack, CeX has recommended that customers must take a look at other sites where they might have used the same password as with CeX or WeBuy.com, and make changes there as well.
This is a good, rather transparent gesture, as the customers will not remain in the dark and cannot blame the company if something were to go wrong at a later date if there was a data breach and their details are in the hands of a third party.
It has been confirmed that the company has sought the help of law enforcement authorities in cracking the case and finding the persons or group(s) behind the hack.
The Road Ahead for CeX
Customers are generally wary of sharing their personal details on ecommerce platforms fearing precisely the kind of cyber attack that was mounted on CeX.
It has to be conceded that organizations using legacy systems are more prone to being hacked.
The hardware and cyber security software programs CeX is using could be outdated, causing a system vulnerability that hackers can easily take advantage of.
Such cyber attacks act as stark reminders to these organizations to first revamp their systems in terms of hardware and software, and ensure no one can succeed in enacting a hack.
It is understood that CeX has already appointed a specialist cybersecurity expert to take a hard a look at the IT infrastructure and suggest improvements.
Ultimately, it becomes the responsibility of the website’s administrators to build their platform with the best security credentials, particularly if they are capturing personal details of their customers on the site.
By extension, customers need to be given the comfort that their data won’t be compromised.
Customers should also take the necessary security precautions and share their personal information only when they are very sure that the site has the best firewalls against a possible cyber attack.