Debenhams Flowers Breached Via Third-Party Provider

UK high street giant Debenhams has confirmed that thousands of customers of its flowers and gifting website have had their personal details breached after a third-party e-commerce vendor was hacked.

The firm confirmed in a brief statement on Friday that partner Ecomnova suffered a cyber-attack, affecting customers of the Debenhams Flowers but not the main site.

It explained:

“Debenhams has taken immediate steps to minimize risk to customers affected and made contact with all those customers whose data has been accessed. Our communication to affected customers includes detailing steps that we have taken and steps that those customers should take.”

Reports suggest as many as 26,000 customers were affected by the breach, which may have exposed payment details alongside names and addresses.

The breach in question is said to have occurred between February 24 and April 11.

ZoneFox CEO, Jamie Graves, argued the incident highlights the importance of vetting the cybersecurity posture of third party vendors.

“The hackers allegedly gained access to site operator Ecomnova' systems using malicious software to access customers' personal and financial information. This highlights the ever-increasing importance of having 360-degree visibility over all your data flow,” he added.

“Whether the data sits in your business or your partners', this 20/20 vision around your data allows businesses to monitor for risky activities and behavior that might be putting your data at risk. Such an approach goes a long way to ensuring that a breach - whether third-party or not - is identified and dealt with as quickly as possible.”

Richard Stiennon, chief strategy officer at Blancco Technology Group, argued that thanks to technology such as transaction IDs and tokenization, retailers don’t even need to store credit card information, which would make PCI compliance even cheaper and easier.

Imperva director, Ajay Uggirala, urged anyone affected to be on the look out for follow-on phishing attacks.

“You should also keep a close eye on your bank statements, watching out for anything unusual, or better still, tell your bank and request a new card”, he added.

What’s Hot on Infosecurity Magazine?