High street money lender and pawnbroker, Cash Converters – announced believes customer data may be in the hands of a malicious third party after a suspected breach of its old website and receiving a ransom demand.
Cash Converters has sent an email informing customers of the incident and forced users to reset their passwords. It has contacted the police in the UK and Australia.
“The current webshop site was independently and thoroughly security tested as part of its development process,” the firm reportedly said in its email. “We have no reason to believe it has any vulnerability, however additional testing is being completed to get assurance of this.”
User names, passwords and email addresses may have been stolen as part of the breach, the leak occurred from the company’s old website, which stopped being used on 22 September this year. Anyone who used the site before that point is potentially at risk, through Cash Converters has declined to say how many customers could be impacted by the breach.
“We are taking this extremely seriously and have provided our customers of the old Webshop site with details to help protect them from being impacted by the security breach,” the company wrote in a statement. “Customers should be aware that full credit card details were not obtained as part of the security breach”
“Along with the relevant authorities we are investigating this as a matter of urgency. We are also actively implementing measures to ensure that this cannot happen again,” the company added.
Whether the data is leaked or this ends up being a hoax, it would be a sensible precaution to change your password if you used the same login on the Cash Converters website.
Don’t forget to using a password manager, will help you keep track of all password you have and where you have used them.