Online greeting cards business Funky Pigeon was forced to close its doors temporarily last week after a “cybersecurity incident.”
Visitors to the company’s website were still being greeted as recently as Monday with a message saying that it could not accept new orders.
Oops! We’re experiencing some issues and we can’t accept new orders at the moment. Please try again later!
Understandably, some customers were less than impressed.
Funky Pigeon initially offered only the smallest of breadcrumbs to customers complaining since last Thursday that their existing orders had been cancelled, or that they had not been able to order cards to be sent to loved ones, tweeting that it was suffering “technical issues.”
However, Funky Pigeon’s parent company WH Smith today told the London Stock Exchange that it had taken its systems offline due to “a cyber security incident affecting part of its systems.”
We take the security of customer data extremely seriously. The Company has temporarily suspended orders from the website and is currently investigating the detail of the incident with external IT specialists.
No customer payment data, such as bank account or credit card details, has been placed at risk – all of this data is processed securely via accredited third-parties and is securely encrypted. We are currently investigating the extent to which any personal data, specifically names, addresses, e-mail addresses and personalised card and gift designs has been accessed.
Funky Pigeon said it was contacting customers to inform them of the incident.
Obviously it’s good news if payment card information has not been exposed through the breach – but that’s not entirely surprising, as such sensitive data processing is normally farmed out to third-parties who specialise in handling financial transactions.
But it would still be bad news if names, addresses and contact lists have fallen into the hands of unauthorised parties – and would open opportunities for fraudsters and scammers to take advantage. Anyone who fell victim to such an attack would probably feel as sick as a… uhh… parrot.
Unfortunately, WH Smith and Funky Pigeon have not shared any more details of the nature of the attack or how they might have gained access to the company’s systems. For now it remains a mystery whether, for instance, the company has received a ransom demand from its attackers to prevent stolen data being sold to other criminals or published on the web.
Earlier this month high street discount retailer The Works, another familiar name to Brits, suffered a cyber attack that disrupted its business and forced the closure of some stores.
What irritates me is the repetition in the FAQs https://www.funkypigeon.com/faqs.aspx
We take the security of customer data extremely seriously and we immediately launched a forensic investigation led by external experts to understand the incident and whether there has been any impact on customer data. These incidents are complex and resource intensive and any thorough investigation requires time to be comprehensive and accurate. We want to ensure that our customers are provided with accurate information.
Not SERIOUSLY enough!