The attacker made off with first names, surnames, addresses, email addresses, and phone numbers if this were supplied and encrypted payment data. However, CeX stopped collecting credit and debit card details in 2009, so by now, most of the old card data had expired a long time ago.
The company said it started notifying affected users via email. According to CeX, only affected will receive the notification.
At this stage, CeX is still undergoing an investigation. The company employed a cybersecurity specialist to review our processes and together they have implemented additional measures of security.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now