The High street pawnbroker Cash Converters, which sells small loans and second-hand jewellery, has announced it’s suffered a data breach that could put at risk some of its customers are.
Customers were notified of the data breach this week, on Thursday the firm sent them an email to explain what has happened.
“Along with the relevant authorities we are investigating this as a matter of urgency.” reads a statement from Cash Converters.
“We are also actively implementing measures to ensure that this cannot happen again.”
According to the company, its old online website that was withdrawn on 22 September was hacked and attackers gained unauthorised access to customer data from its UK e-commerce. The current version of the e-commerce platform used by the firm is not affected.
Even if the website was not storing financial data, attackers may have accessed user records, including personal details, passwords, and purchase history from a website that was run by a third party. Cash Converters closed the contract with this third party in September.
If you have had a Cash Converters account online change your password, including on websites and log-ins where the same credentials have been used.
The company has reported the data breach to authorities in the UK and Australia, it is still investigating the incident.
A spokesman for the ICO confirmed it was looking into the reported breach.
“We’re aware of an incident at Cash Converters UK and will be making enquiries,” he said.
Users that receive anything suspicious can report it through Cash Converters or Action Fraud
(Security Affairs – hacking, data breach)