CeX Data Breach – Up to 2 million customer’s personal data compromised
05 Sep 2017
Second hand games and electronics store CeX last week issued a statement notifying their customers of a massive online security breach. CeX said that everything from passwords, customers’ names, physical addresses, email addresses, phone numbers and encrypted data from expired credit and debit cards from 2009 were exposed in an attack conducted by “an unauthorized third party” that illegally accessed the company’s computer systems.
In the statement they also confirmed that they have employed a cyber security specialist to review their processes, who has already implemented a strategy to prevent any further attacks. I think Alan Martin from IT Pro said it best when he wrote - ‘It’s that time again when we reset the imaginary internet sign to read “zero days without a UK data breach”, expressing exactly how an already hacking fatigued public and industry feel about this latest attack (http://www.itpro.co.uk/security/29345/two-million-customers-hit-by-cex-hack).
A number of questions have been posed regarding this latest attack, chief among them; how and why customer’s old financial information would be stored? As a European company, what will be the GDPR ramifications? Will this case be the test case for how GDPR fines and penalties are doled out? All of which will no doubt be dealt with, plus provide more than a few headaches for the new Cyber Security Specialist, CeX Executives and relevant authorities.
Once again incidents like this only reinforce the need for organisations to pull their metaphorical socks up and do it quickly when it comes to cyber security. Mat Downham, Engineering Director at Telesoft points out “organisations and businesses that gather and store personal information of any kind, now more than ever need to make sure that they have extremely robust and multi-layered network security processes and practices in place. Cyber criminals are ultimately business people and to use an old cliché, those wanting to return profit quickly always go after the ‘low hanging fruit’. Don’t let your organisation or business be in that position, make network security your number one priority, not an afterthought. Employ the right professionals, use smart products and systems that give you full network visibility and finally educate your employees to be cyber security aware, narrowing the gaps for hackers to exploit.”
For more information about Telesofts cyber security products please contact us