A malware attack between February 24 and April 11 exposed the personal data of approximately 26,000 customers of flower delivery service Debenhams Flowers, the company announced.
The attack actually targeted Ecomnova Ltd., the third-party operator of the website. Hackers accessed and stole payment details, names and addresses of the flower delivery website, but Debenhams assures customers using other services were not affected.
“As soon as we were informed that there had been a cyber-attack, we suspended the Debenhams Flowers website and commenced a full investigation,” said Debenhams Chief Executive Sergio Bucher in a statement.
“We are very sorry that customers have been affected by this incident and we are doing everything we can to provide advice to affected customers and reduce their risk.”
The victims of the data breach are being contacted by both email and post, and given step-by-step instructions on what to do next. Together with Ecomnova, Debenhams is reaching out to all banks associated with the breached accounts to make sure payments are blocked and new cards are reissued to the victims.
Customers of Debenhams Flowers are advised to also contact their banks, change all account passwords and keep an eye on their accounts.