Debenhams Flowers Suffers Cyber Attack That Exposes Personal Information of Customers

Media Division | May 5, 2017

Any organization can be targeted by a cyber attack in today’s world of widely used technology.  The implementation of technology in a multitude of operations and industries has opened more doors than ever for cyber criminals to launch their malicious attacks.  In a recent attack, a hacker was able to breach the Debenhams Flowers website, resulting in the theft of over 26,000 customer details.

What Was Impacted in the Breach

More specifically, the breach was of Ecomnova Ltd, a company that operates flower and gifting websites, including Debenhams Flowers.  And Debenhams was quick to point the finger at the third party supplier of their website to attempt to absolve themselves of the blame.  The customer details affected in the attack included names, addresses, and payment information. Upon being notified of the breach, Debenhams had immediately suspended the flowers website and began an investigation of the incident. According to the retailer, the attack had only impacted their flowers website and stressed that their main site was not affected.  Though, they did also take their hamper, wine, and personalized gift sites down as a precaution.

Of course, the type of sensitive information stolen in the above attack has the potential to be used for several malicious activities, including financial fraud and identity theft.  Debenhams has said that they are working with Ecomnova to contact the banks of those affected to have them cancel the affected cards and issue new ones to the customers.

How Debenhams Addressed the Attack

Aside from shutting down the website and beginning an investigation, Debenhams had also taken further steps to address the breach.  They said in a statement, “Debenhams has taken immediate steps to minimize risk to customers affected and made contact with all those customers whose data has been accessed. We are working with Ecomnova and all relevant authorities to investigate this attack and apologize to all customers affected.”  While it is good that Debenhams is taking further steps to mitigate the breach, their finger pointing at their third party supplier shows somewhat of a lack of responsibility.  Realistically, an organization is responsible for ensuring the security of all vectors, platforms, and systems.  When seeking to partner with or employ the services of a third party vendor, an organization should ensure to thoroughly vet and assess their cyber security.  While the direct breach may have been of the third party vendor, Debenhams still has the responsibility to protect the information of their customers in all avenues.

The Necessity of Proper Cyber Security to Prevent Security Breaches

As mentioned above, there are more vectors than ever for cyber attackers to be able to breach systems and networks.  Cyber security must be extremely formidable to ensure that these attacks are prevented.  All components of an organization’s direct systems and those of third parties must be properly defended to prevent security breaches.  A security breach can have much wider effects than just those of data and financial loss.  It can also damage the trust of consumers, and the organization’s reputation.  And these effects can be exacerbated when a breach is not handled extensively and definitively.  The customers or clients need to be able to see that the organization is taking the necessary actions to protect their data in the event of future attempted attacks.  Massive Alliance offers a wide array of services that can help to successfully prevent security breaches.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.