The High street pawnbroker Cash Converters, which sells small loans and second-hand jewellery, has announced it’s suffered a data breach that could put at risk some of its customers are.
Customers were notified of the data breach this week, on Thursday the firm sent them an email to explain what has happened.
“Along with the relevant authorities we are investigating this as a matter of urgency.” reads a statement from Cash Converters.
“We are also actively implementing measures to ensure that this cannot happen again.”
According to the company, its old online website that was withdrawn on 22 September was hacked and attackers gained unauthorised access to customer data from its UK e-commerce. The current version of the e-commerce platform used by the firm is not affected.
Even if the website was not storing financial data, attackers may have accessed user records, including personal details, passwords, and purchase history from a website that was run by a third party. Cash Converters closed the contract with this third party in September.
If you have had a Cash Converters account online change your password, including on websites and log-ins where the same credentials have been used.
The company has reported the data breach to authorities in the UK and Australia, it is still investigating the incident.
A spokesman for the ICO confirmed it was looking into the reported breach.
“We’re aware of an incident at Cash Converters UK and will be making enquiries,” he said.
Users that receive anything suspicious can report it through Cash Converters or Action Fraud
(Security Affairs – hacking, data breach)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.