26,000 customers affected by Debenhams Flowers cyber attack

Credit card details and personal data leaked following an attack on the retailer's flowers website

Tens of thousands of Debenhams customers have had their personal information compromised in a cyber attack on the company's flower website.

The hack, which the company disclosed on Friday, involved the account details of 26,000 customers, including their card information and passwords.

Debenhams Flowers, a website operated by flower and gifting supplier Ecomnova, is separate to Debenham's main website, which remains unaffected by the attack, the retailer said. The flowers website has since been suspended.

Advertisement - Article continues below

"Debenhams has taken immediate steps to minimise risk to customers affected and made contact with all those customers whose data has been accessed," the company said.

Sergio Bucher, CEO of Debenhams, added in a statement: "We take the security of data very seriously and protection our customers is a top priority for Debenhams.

"We are very sorry that customers have been affected by this incident and we are doing everything we can to provide advice to affected customers and reduce their risk."

The letter to customers reveals the attack took place between 24 February and 11 April, although victims have only now been notified. Credit card information, names, addresses, email addresses and passwords were among the stolen data.

Debenhams has notified the Information Commissioner's Office (ICO) and has said it is working with "all the relevant authorities and cyber security experts to support Ecomnova in investigating the incident".

Advertisement - Article continues below

Dr Jamie Graves, CEO at cyber security firm ZoneFox, described the hack as a key reminder for businesses to properly vet their third-party vendors.

Advertisement - Article continues below

"The hackers allegedly gained access to site operator Economova' systems using malicious software to access customers' personal and financial information. This highlights the ever-increasing importance of having 360-degree visibility over all your data flow," he said.

"Whether the data sits in your business or your partners, this 20/20 vision around your data allows businesses to monitor for risky activities."

IT Pro has approached Economova for comment.

Although it is unclear what caused the attack, a spate of recent data breaches has been blamed on password re-use. Food delivery service Deliveroo recently suffered a cyber attack, in which some users reported having as much as 600 stolen from their accounts. It is believed the hack was facilitated by the use of stolen passwords from other websites.

Debenhams has set up a customer hotline has been set up to deal with any questions regarding the hack: 0333 003 7068.

WATCH: Learn more about the security threats facing businesses today and how to combat them in this free webinar WATCH NOW

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now



University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020

How to find RAM speed, size and type

24 Jun 2020
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020