Cyber Incident Victim: Cash Converters

In November 2017, Cash Converters, a UK-based High Street pawnbroker specializing in buying and reselling items like jewelry and electronics, disclosed a data breach affecting customer accounts on its legacy online store. The company announced on November 16 that unauthorized third parties potentially accessed usernames, passwords, and physical addresses associated with accounts created on its old UK website platform. This compromised system had been replaced by a redesigned online store launched in September 2017, limiting the breach's impact to customers who had registered or interacted exclusively with the predecessor site. No transactional or financial data, including credit card information, was exposed during the incident. The breach did not affect customers who solely engaged with physical store locations without using the outdated web platform. Cash Converters confirmed the intrusion occurred prior to the website migration but provided no specific timeline for when attackers initially gained access.

The company formally notified affected customers upon confirming the breach and reported the incident to the UK Information Commissioner's Office in compliance with data protection regulations. In public statements to the BBC, Cash Converters emphasized it was addressing the situation with high priority, describing affected customers as central to its operations while expressing regret over the security failure. Immediate remedial actions included investigating the breach's technical causes and reinforcing security protocols for the new web platform. The organization issued a direct apology to potentially impacted individuals, assuring them that store-only patrons faced no exposure risks. Operational continuity was maintained across physical retail locations and the replacement e-commerce site during and after the disclosure.