Cash Converters breached; hackers hold data for ransom

Cash Converters, the British second-hand shop that enables users to trade goods and resell to others, announced in an email to customers on Thursday that it detected unauthorized third-party access to its data, the BBC writes.

‘Please be reassured that, alongside the relevant authorities, we are investigating this as a matter of urgency and priority. We are also actively implementing measures to ensure that this cannot happen again,” reads the email.

“Although some details relating to the cybersecurity breach remain confidential while Cash Converters works with the relevant authorities, we will continue to provide as much detail as possible as it becomes available. The current web shop site was independently and thoroughly security tested as part of its development process. We have no reason to believe it has any vulnerability, however additional testing is being completed to get assurance of this.”

Hackers accessed usernames, addresses, passwords and purchase histories, but the data breach affected an old website version that was replaced a few months ago. No credit card data was breached, the company added, without revealing the number of affected accounts. Clients who made in-store purchases or shopped through the new platform were not affected by the breach.

According to Reuters, Cash Converters also received a ransom demand from hackers threatening to release the information online if the payment was not followed through.

“Our customers truly are at the heart of everything we do, and we are disappointed that they may have been affected,” the company said in a statement.

“We apologize for this situation and are taking immediate action to address it.”

Because the time of holiday scams and malware campaigns has arrived, US-CERT has issued a warning that users should pay close attention on the internet, especially when making online payments during the holiday season. Malware-infected emails and ecards, fake ads and social media posts could lead to security breaches, identity theft and financial loss.