The company said the stolen data included customers' names, addresses, email addresses, phone numbers and some old credit card information.
It has urged customers to change their password, especially if they reused their Cex password on other websites.
The company - which has stores in Doncaster and Sheffield among 300 nationwide - said it was working with the police following the breach.
The firm allows customers to trade in video games, DVDs and gadgets for cash and vouchers.
It said an "unauthorised third party" had accessed online account holder data, but stressed that in-store data had not been affected.
Affected customers have been sent an email offering guidance.
The company said some encrypted credit card information had been compromised, but since the retailer stopped storing credit card information in 2009, those details were likely to have expired, making them useless to criminals.