1-800 FLOWERS warns that hacker may have stolen customers’ personal info

Online florist failed to nip hackers in the bud.

David bisson
David Bisson
@

1-800 flowers

1-800 FLOWERS has begun sending out data breach letters notifying customers that a hacker might have stolen their personal information.

In a letter sent by the New York-based flower and gift retailer to the California Department of Justice, 1-800 FLOWERS explains that it was first alerted to the incident back in February when customers began complaining of an issue on its website.

“Our customer service team received reports on Feb. 15, 2016 from several customers indicating that they were unable to complete their online orders. Our operations team initiated an investigation and identified signs of unauthorized access to the network that operates our e-commerce platform.”

Sign up to our free newsletter.
Security news, advice, and tips.

Bibi Brown, vice president of customer experience for 1-800 FLOWERS goes on to explain the team has since determined that during a 33-hour period between February 15 and February 17, an unauthorized third party might have gained access to customers’ orders, which commonly include their personal information such as their name, address, email address, and payment card data.

Letter

At this time, the floral retailer has not provided information on how the attacker might have succeeded in breaching its system. 1-800 FLOWERS has also not confirmed that any specific order information was affected.

There’s cause for some optimism, however.

Joseph Pititto, the company’s senior vice president, investor relations, told SCMagazine.com in an email that he has received no reports that any of the affected information has been incorporated into any sort of attack or other malicious campaign.

In this particular incident, it appears the worst case scenario would involve some compromised payment cards.

With that in mind, if you attempted to make a purchase with 1-800 FLOWERS during the affected 33-hour period, please take care to watch your credit transaction history carefully.

If you spot any suspicious charges, you should notify your bank or your card provider immediately. They can help you contest the charges, and in incidents such as these, they will be happy to send you a new card.


David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.