26,000 customers affected by Debenhams Flowers cyber attack

Credit card details and personal data leaked following an attack on the retailer's flowers website

Tens of thousands of Debenhams customers have had their personal information compromised in a cyber attack on the company's flower website.

The hack, which the company disclosed on Friday, involved the account details of 26,000 customers, including their card information and passwords.

Debenhams Flowers, a website operated by flower and gifting supplier Ecomnova, is separate to Debenham's main website, which remains unaffected by the attack, the retailer said. The flowers website has since been suspended.

"Debenhams has taken immediate steps to minimise risk to customers affected and made contact with all those customers whose data has been accessed," the company said.

Advertisement - Article continues below

Sergio Bucher, CEO of Debenhams, added in a statement: "We take the security of data very seriously and protection our customers is a top priority for Debenhams.

"We are very sorry that customers have been affected by this incident and we are doing everything we can to provide advice to affected customers and reduce their risk."

The letter to customers reveals the attack took place between 24 February and 11 April, although victims have only now been notified. Credit card information, names, addresses, email addresses and passwords were among the stolen data.

Debenhams has notified the Information Commissioner's Office (ICO) and has said it is working with "all the relevant authorities and cyber security experts to support Ecomnova in investigating the incident".

Dr Jamie Graves, CEO at cyber security firm ZoneFox, described the hack as a key reminder for businesses to properly vet their third-party vendors.

"The hackers allegedly gained access to site operator Economova' systems using malicious software to access customers' personal and financial information. This highlights the ever-increasing importance of having 360-degree visibility over all your data flow," he said.

"Whether the data sits in your business or your partners, this 20/20 vision around your data allows businesses to monitor for risky activities."

IT Pro has approached Economova for comment.

Although it is unclear what caused the attack, a spate of recent data breaches has been blamed on password re-use. Food delivery service Deliveroo recently suffered a cyber attack, in which some users reported having as much as 600 stolen from their accounts. It is believed the hack was facilitated by the use of stolen passwords from other websites.

Debenhams has set up a customer hotline has been set up to deal with any questions regarding the hack: 0333 003 7068.

WATCH: Learn more about the security threats facing businesses today and how to combat them in this free webinar WATCH NOW

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now



Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

How to protect against a DDoS attack

25 Oct 2019
data breaches

Ex-Equifax CIO to serve four months for insider trading

2 Jul 2019
data breaches

Ex-Equifax CIO to serve four months for insider trading

2 Jul 2019

Most Popular

identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019

Five signs that it’s time to retire IT kit

29 Nov 2019

Where modernisation and sustainability meet: A tale of two benefits

25 Nov 2019