Malware has infected backend systems used by Brit high street chain Debenhams – and swiped 26,000 people’s personal information in the process.
The cyber-break-in targeted the online portal for the retailer’s florist arm, Debenhams Flowers. Miscreants had access to the internal systems at Ecomnova, the biz that runs the Debenhams Flowers business, for more than six weeks.
Customer payment details, names and addresses from between February 24 and April 11 were all potentially exposed as a result of the breach, reports ex-Register vulture Alex J Martin, who just flew off to Sky News. Affected customers have all reportedly been notified.
El Reg asked Debenhams for confirmation of the scope of the breach but we’re yet to hear back at the time of writing.
Security tech slingers said the snafu shows how brands can be exposed through the infosec shortcomings of third-party suppliers.
“The hackers allegedly gained access to site operator Ecomnova’s systems using malicious software to access customers’ personal and financial information,” said Dr Jamie Graves, chief exec at ZoneFox. “The Debenhams hack is a key reminder to businesses that the third-party vendors you partner with should be properly vetted to ensure they have secure systems in place.”