Which? uses cookies to improve our sites and by continuing you agree to our cookies policy

Cash Converters ‘receives ransom demand’ over UK data breach

Customers of the high street pawnbroker's old website may have had their details stolen

Yahoo Hack 3bn accounts

Pawnbroker and high street lender Cash Converters has been hit by a data breach, with UK customer information including personal details, partial credit card numbers and passwords feared stolen.

The firm’s old online shop – which ceased to be used on 22 September – was the target of the breach, meaning customers who used the site are at risk.

Cash Converters has not said whether the unauthorised access happened while the site was still in use, and has refused to confirm how many customers are affected, the types of data stolen or how the breach was discovered.

However news agency Reuters reports the firm has received a ransom demand from an ‘unidentified third party’ warning that customer data will be released if payment isn’t made. Personal details, passwords, masked credit card numbers and purchase histories may have been accessed.


Cash Converters being investigated

In a statement, Cash Converters said: ‘We are taking this extremely seriously and have provided our customers of the old Webshop site with details to help protect them from being impacted by the security breach.

‘Customers should be aware that full credit card details were not obtained as part of the security breach.

‘Along with the relevant authorities we are investigating this as a matter of urgency. We are also actively implementing measures to ensure that this cannot happen again.’

Data watchdog the Information Commissioner’s Office (ICO) said it’s aware of an ‘incident’ at Cash Converters UK and is investigating.

Have you been contacted by Cash Converters? Email us at money-letters@which.co.uk to share your experience.

Data breach survival tips

Have you been affected by a data breach? If you are affected by a data breach, make sure you:

  • Change any related passwords
  • Keep an eye on your bank accounts and report any unusual activity to your bank
  • Claim compensation by complaining to the company that lost your data
  • You can also take your concerns with how the organisation processed your data to the Information Commissioner’s Office (ICO)

For more information see our guide for how to claim compensation following a data breach.

Back to top