CeX, the second-hand electronics, and video games retailer has reportedly had the details of two million customers compromised by hackers. The information stolen included names, addresses, email addresses and some phone numbers, as well as a small number of encrypted credit card details.
The breach was revealed to CeX customers on Tuesday by email and advised them to change their passwords for its site and other accounts that share the same login as a precautionary measure.
CeX, is the latest in a long line of businesses to fall victim to hackers this year. Wonga, The Association of British Travel Agents, Verizon and many more have all seen their customer data exposed.
Though the technical details of the CeX breach are still unclear at this point, what is clear is that businesses are still failing to protect critical consumer data. The data compromised in this breach is hugely valuable to hackers, perhaps even more so than credit card details. Email addresses and other personal data opens up the possibility of sophisticated social engineering campaigns specifically targeted at CeX customers. For instance, emails pretending to be from a customer’s bank or place of work which requests specific sensitive information. Humans are the weakest link when it comes to security and today’s hackers are well aware of that.
We’re seeing breaches like this all too often and they can be prevented through a few simple measures such as regularly updating and patching all devices, and removing user privileges. Investing in lasting measures and processes to secure against threats is a journey, not a race. Security is not a one-time investment.
Creating a business with security at its core will become increasingly important over the next few months, particularly as GDPR comes into force in May 2018. Failure to comply with these new mandates could have a significant impact on a business, with firms fined up to up to 4% of global turnover or €20 million – whichever is larger – for a breach, be it from a cyber attack or human error.
It’s now critical that organizations take proactive steps to identify and address any gaps in their security, no matter how small or in significant they may seem.