The UK retailer Debenhams reported that up to 26,000 customers have has their personal data compromised after a cyber-attack on its Flowers website.
The data that potentially taken during the incident includes names, addresses and payment details. The attack targeted a third-party company Ecomnova taking place between 24 February and 11 April.
The flowers website is currently offline and all the customers affected have been contacted.
In a statement from Debenhams, they said: "Our communication to affected customers includes detailing steps that we have taken and steps that those customers should take,"
New chief executive Sergio Bucher, who formerly worked for online giant Amazon, said: “As soon as we were informed that there had been a cyber-attack, we suspended the Debenhams Flowers website and commenced a full investigation.
“We are very sorry that customers have been affected by this incident and we are doing everything we can to provide advice to affected customers and reduce their risk.”
The breach of security has been reported to the Information Commissioner’s Office.
Third-party company breaches can be just as damaging as a first-party breach. In May 2018 when the GDPR comes into force, businesses will need to pay more attention to the security of their own data as well as third-party data to ensure that customer data is as secure as possible.
Originally published on Defence.Digital