Two Million CeX Customer Data Exposed

CeX Ltd., a second-hand goods chain specializing in technology, computing, and video games, has informed over two million of its customers that they have recently been subject to an online security breach. The breach exposed PIIs that include customer names, addresses, phone numbers, email addresses, and in some small instances, encrypted data from expired credit and debit cards dating back to 2009.

The trove of customer data now exposes customers to fraud and identity theft, as the information can be used by attackers to perpetrate a number of crimes, from applying for credit cards and filing fraudulent income tax returns to applying for loans using the stolen identity.

CeX did not provide details on who was behind the hack but stated that relevant authorities have been notified and that an investigation is ongoing. In an email sent to customers, CeX added: “Our cyber security specialists have already put in place additional advanced measures to fix the problem and prevent this from happening again.”

The company has already forced a password reset on all affected accounts that have yet to be changed. 

Solution and Mitigation

While data breaches can certainly damage an organization's reputation and bottom line, the owners of the stolen data are exposed to the most risk. Here are some tips on how to prevent and defend against data breaches:

• Patch and update systems on a regular basis as it can prevent cybercriminals from exploiting vulnerabilities which can open the doors to networks.
• Implement security measures that can identify and address network threats. Conduct regular security audits to make sure all systems connected to the network are secured.
• Educate the workforce regarding cybersecurity. Employees must be trained to identify and respond to threats, be aware of social engineering tactics, and know how to enforce guidelines on how to handle specific situations.
• Create contingencies and an appropriate response plan. This can minimize confusion by being ready with persons to contact, steps that can be done to mitigate the damage, and strategies for disclosing the incident to the authorities and affected parties.
• Users can also protect themselves by keeping an eye on their accounts to see if they are being abused. If there is any suspicious activity, changing passwords and replacing credit cards should be considered.

In addition, end point solutions such as Trend Micro™ Security,  Smart Protection Suites, and Worry-Free™ Business Security can protect companies by detecting malicious files that are used as infiltration methods during data breaches. Trend Micro Network Defense and Hybrid Cloud Security solutions also detect and prevent breaches anywhere on your network to protect an organization’s critical data and reputation.