Hackers claim to have obtained sensitive customer information from a decommissioned Cash Converters website.
In an email to customers, the company said its webshop had been hacked with details taken from a website that was decommissioned in September and was still being hosted by an external third party.
The breach only affects those users of the old site, but details compromised include account names, passwords and delivery addresses, but not credit card details.
The hackers have threatened to release information unless it is paid a financial ransom.
In a statement sent to SC Media UK, Cash Converters said: “Our customers truly are at the heart of everything wit do and we are both disappointed and saddened that you have been affected. We apologies for this situation and are taking immediate action to address it.”
Security management and threat intelligence specialists AlienVault added that the company was in an awkward situation because without reliable logs, the victim can’t know for sure if the hackers actually have the data or if they will stick to their word and not release it after receiving payment.