Personal details, names and addresses of unto 26,000 customers have been breached in an attack on the Debenhams Flowers website.
Ecomnova, the third-party firm that looks after the flower ordering arm of Debenhams along with its hampers, personalised gifts and wine online stores was targeted by the hackers who made off with financial and personal data of up to 26,000 customers..
Sky News spoke to the retailer who confirmed the attack: "All affected customers have been contacted by Debenhams to inform them of the incident. We are working with Ecomnova to ask the banks of those affected to block payment cards of those customers affected and issue customers with new cards."
Debenhams suspended all websites that Ecomnova runs for it and in a statement said: "Our communication to affected customers includes detailing steps that we have taken and steps that those customers should take. This incident has only affected customers of Debenhams Flowers and customers of the Debenhams.com site are not affected.
"Debenhams has taken immediate steps to minimise risk to customers affected and made contact with all those customers whose data has been accessed."
A spokesperson from the Information Commissioner's Office said they were aware of a 'potential incident': "Businesses and organisations are required under the Data Protection Act to keep people's personal data safe and secure."
The real cost of hacking on UK businesses? £42bn!
Debenhams chief executive Sergio Bucher said: "As soon as we were informed that there had been a cyberattack, we suspended the Debenhams Flowers website and commenced a full investigation.
"We are very sorry that customers have been affected by this incident and we are doing everything we can to provide advice to affected customers and reduce their risk."
All customers affected by the breach have been informed and Debenhams have said that consumers on its main website have not been affected. Of the few details that have been shared by Debenhams, it is known that 26,000 customers have been affected and that cyber criminals have had access to the financial and personal details of the customers for unto 6 weeks!
Website security certificates vulnerable to hackers
Talking about the gravity of the situation, Dr Jamie Graves, CEO at ZoneFox said: "The Debenhams hack is a key reminder to businesses that the third-party vendors you partner should be properly vetted to ensure they have secure systems in place.The hackers allegedly gained access to site operator Economova' systems using malicious software to access customers' personal and financial information. This highlights the ever-increasing importance of having 360-degree visibility over all your data flow. Whether the data sits in your business or your partners, this 20/20 vision around your data allows businesses to monitor for risky activities and behaviour that might be putting your data at risk. Such an approach goes a long way to ensuring that a breach - whether third-party or not - is identified and dealt with as quickly as possible.”
The Debenhams Flowers website is offline while the breach is investigated.
Young British hacker jailed for 2 years for orchestrating 1.7m cyber-attacks