26,000 customers affected by Debenhams Flowers cyber attack

Credit card details and personal data leaked following an attack on the retailer's flowers website

Tens of thousands of Debenhams customers have had their personal information compromised in a cyber attack on the company's flower website.

The hack, which the company disclosed on Friday, involved the account details of 26,000 customers, including their card information and passwords.

Debenhams Flowers, a website operated by flower and gifting supplier Ecomnova, is separate to Debenham's main website, which remains unaffected by the attack, the retailer said. The flowers website has since been suspended.

Advertisement - Article continues below

"Debenhams has taken immediate steps to minimise risk to customers affected and made contact with all those customers whose data has been accessed," the company said.

Sergio Bucher, CEO of Debenhams, added in a statement: "We take the security of data very seriously and protection our customers is a top priority for Debenhams.

"We are very sorry that customers have been affected by this incident and we are doing everything we can to provide advice to affected customers and reduce their risk."

The letter to customers reveals the attack took place between 24 February and 11 April, although victims have only now been notified. Credit card information, names, addresses, email addresses and passwords were among the stolen data.

Debenhams has notified the Information Commissioner's Office (ICO) and has said it is working with "all the relevant authorities and cyber security experts to support Ecomnova in investigating the incident".

Advertisement
Advertisement - Article continues below

Dr Jamie Graves, CEO at cyber security firm ZoneFox, described the hack as a key reminder for businesses to properly vet their third-party vendors.

Advertisement - Article continues below

"The hackers allegedly gained access to site operator Economova' systems using malicious software to access customers' personal and financial information. This highlights the ever-increasing importance of having 360-degree visibility over all your data flow," he said.

"Whether the data sits in your business or your partners, this 20/20 vision around your data allows businesses to monitor for risky activities."

IT Pro has approached Economova for comment.

Although it is unclear what caused the attack, a spate of recent data breaches has been blamed on password re-use. Food delivery service Deliveroo recently suffered a cyber attack, in which some users reported having as much as 600 stolen from their accounts. It is believed the hack was facilitated by the use of stolen passwords from other websites.

Debenhams has set up a customer hotline has been set up to deal with any questions regarding the hack: 0333 003 7068.

WATCH: Learn more about the security threats facing businesses today and how to combat them in this free webinar WATCH NOW

Advertisement

Recommended

Visit/security/vulnerability/355236/hp-support-assistant-flaws-leave-windows-devices-open-to-attack
vulnerability

HP Support Assistant flaws leave Windows devices open to attack

6 Apr 2020
Visit/security/cyber-security/355234/safari-bug-let-hackers-access-cameras-on-iphones-and-macs
cyber security

Safari bug let hackers access cameras on iPhones and Macs

6 Apr 2020
Visit/software/video-conferencing/355229/zoom-we-moved-too-fast
video conferencing

Zoom CEO admits company "moved too fast" as privacy issues mount

6 Apr 2020
Visit/security/internet-security/355228/mozilla-fixes-two-firefox-zero-days-being-actively-exploited
internet security

Mozilla fixes two Firefox zero-days being actively exploited

6 Apr 2020

Most Popular

Visit/mobile/mobile-phones/355239/microsofts-patent-design-reveals-a-mobile-device-with-a-third-screen
Mobile Phones

Microsoft patents a mobile device with a third screen

6 Apr 2020
Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/software/video-conferencing/355229/zoom-we-moved-too-fast
video conferencing

Zoom CEO admits company "moved too fast" as privacy issues mount

6 Apr 2020