26,000 customers affected by Debenhams Flowers cyber attack

Credit card details and personal data leaked following an attack on the retailer's flowers website

Tens of thousands of Debenhams customers have had their personal information compromised in a cyber attack on the company's flower website.

The hack, which the company disclosed on Friday, involved the account details of 26,000 customers, including their card information and passwords.

Debenhams Flowers, a website operated by flower and gifting supplier Ecomnova, is separate to Debenham's main website, which remains unaffected by the attack, the retailer said. The flowers website has since been suspended.

"Debenhams has taken immediate steps to minimise risk to customers affected and made contact with all those customers whose data has been accessed," the company said.

Sergio Bucher, CEO of Debenhams, added in a statement: "We take the security of data very seriously and protection our customers is a top priority for Debenhams.

"We are very sorry that customers have been affected by this incident and we are doing everything we can to provide advice to affected customers and reduce their risk."

The letter to customers reveals the attack took place between 24 February and 11 April, although victims have only now been notified. Credit card information, names, addresses, email addresses and passwords were among the stolen data.

Debenhams has notified the Information Commissioner's Office (ICO) and has said it is working with "all the relevant authorities and cyber security experts to support Ecomnova in investigating the incident".

Dr Jamie Graves, CEO at cyber security firm ZoneFox, described the hack as a key reminder for businesses to properly vet their third-party vendors.

"The hackers allegedly gained access to site operator Economova' systems using malicious software to access customers' personal and financial information. This highlights the ever-increasing importance of having 360-degree visibility over all your data flow," he said.

"Whether the data sits in your business or your partners, this 20/20 vision around your data allows businesses to monitor for risky activities."

IT Pro has approached Economova for comment.

Although it is unclear what caused the attack, a spate of recent data breaches has been blamed on password re-use. Food delivery service Deliveroo recently suffered a cyber attack, in which some users reported having as much as 600 stolen from their accounts. It is believed the hack was facilitated by the use of stolen passwords from other websites.

Debenhams has set up a customer hotline has been set up to deal with any questions regarding the hack: 0333 003 7068.

WATCH: Learn more about the security threats facing businesses today and how to combat them in this free webinar WATCH NOW

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

Gumtree site code made personal data of users and sellers publicly accessible
data protection

Gumtree site code made personal data of users and sellers publicly accessible

16 Dec 2021
Pizza chain exposed 100,000 employees' Social Security numbers
data breaches

Pizza chain exposed 100,000 employees' Social Security numbers

19 Nov 2021
83% of critical infrastructure companies have experienced breaches in the last three years
cyber security

83% of critical infrastructure companies have experienced breaches in the last three years

11 Nov 2021
Identity Automation launches credential breach monitoring service
phishing

Identity Automation launches credential breach monitoring service

5 Oct 2021

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022