In the letter to affected customers, the company said that those who were compromised should rest assured that the matter is being investigated as a priority. And that relevant authorities had been informed.
UK based Cash Converters this week launched an investigation into a recent data breach which left customer records exposed. The electronics retailer, pawnbroker, and moneylender admitted that the information stolen had been from a decommissioned website. This was according to a breach notification email which was sent to all impacted customers.
In the notice, it states that the company’s webshop service had been hacked. The company said that webshop account names, passwords and delivery addresses were compromised during the attack. It has said that full card numbers were not stolen which only left open the possibility of a partial data leak.
And, according to an Australian media report, those behind the attack were holding the sensitive information to ransom.
The letter also states that the company had actively implemented measures to ensure any further attacks do not take place in the future. Cash Converters has said that it will work with local law enforcement officials in Australia and the UK during investigations into the leaked data and possible ransom thereof.
As a preventative measure, the company has forced password resets for all its UK webshop users. The statements also read that while certain details which relate to the security breach will remain confidential the company will provide details as and when they become available through the investigations.
The company also said that current webshop sites were independently and thoroughly security tested. This was done as part of its development process. Further, it stated that the company had no reason believe it had any more vulnerabilities, however additional testing was carried out to get the assurance of this.
It said that the customers truly were the heart of their operation and that it was both saddened and disappointed that they had been affected by the data breach. Cash Converters apologized for the situation caused by the leak but did not reveal exactly how many customers were impacted by the hack.
According to the company, it was also not certain when the breach occurred as the previous website was decommissioned already in September this year. In the notification, email customers were advised to change passwords and to ensure they were unique to the website.
A representative for Cash Converters could not immediately respond to request for comment. The company has also not publically acknowledged the incident on any of its social media channels. A public relations contact sent local media a statement quoting the email correspondence sent to customers.