The Daily Swig Web security digest

Pawn in the game: Cash Converters reveals customer data breach

James Walker | 17 November 2017 at 15:18

UK customer data stolen from recently decommissioned webshop.

British customers of high street pawnbroker Cash Converters have been alerted to a data breach that may have resulted in their personal details being compromised.

According to the company, which operates nearly 200 stores selling secondhand goods across the UK, the data accessed comes from its legacy online retail site, which was hosted by an external third party and replaced two months ago.

A screenshot of the email sent out to customers reads: “The data that has been accessed related to Cash Converters UK data from a recently decommissioned webshop site. This site was decommissioned when the new website was launched in September 2017.

“The customer data that has been accessed includes webshop account names, passwords, and delivery addresses. Please note, this does not include your credit card details.”

While Cash Converters did not put a figure on the number of customers impacted, it said it has alerted the authorities and was implementing measures to “ensure that this cannot happen again”.

According to Reuters news agency, Cash Converters received an email from a third party threatening widespread release of the data unless they received a financial payment.