It appears that the attack is only limited to the CeX website, which stopped taking financial data eight years agp. In-store personal membership information isn't thought to be affected, but the company has warned all of its customers to change their store passwords, as well as any other accounts that share the same login details.
"We take the protection of customer data extremely seriously and have always had a robust security programme in place which we continually reviewed and updated to meet the latest online threats," it said in a statement. "Clearly however, additional measures were required to prevent such a sophisticated breach occurring and we have therefore employed a cyber security specialist to review our processes. Together we have implemented additional advanced measures of security to prevent this from happening again."
CeX joins TalkTalk, Three and the UK parliament in admitting that it has been the target of a large-scale online attack. While you may have received the email from the company, it doesn't mean that your details have necessarily been stolen. CeX has said it has contacted all of its website customers as a precautionary measure.