26,000 Debenhams Flowers customers hit by cyber attack

The personal information of 26,000 Debenhams Flowers customers has been compromised in a cyber attack.

The attack, which targeted Ecomnova, a third-party company which owns the Flowers website, means payment details, names and addresses were potentially taken.

The website is separate to Debenhams' main website, Debenhams.com, which was unaffected by the attack.

The breach, which took place between 24 February and 11 April this year, looked as though hackers gained access to Ecomnova’s systems using malicious software, cyber security experts said.

Debenhams said it had taken “immediate steps” to minimise risk to affected customers and had made contact with all customers whose data had been accessed.

Sergio Bucher, CEO of Debenhams, added in a statement: "We take the security of data very seriously and protection our customers is a top priority for Debenhams.

"We are very sorry that customers have been affected by this incident and we are doing everything we can to provide advice to affected customers and reduce their risk."

The retailer has notified the Information Commissioner’s Office about the incident.

Dr Jamie Graves, CEO at cyber security firm ZoneFox, told IT Pro: "The hackers allegedly gained access to site operator Ecomnova' systems using malicious software to access customers' personal and financial information. This highlights the ever-increasing importance of having 360-degree visibility over all your data flow.

"Whether the data sits in your business or your partners, this 20/20 vision around your data allows businesses to monitor for risky activities."