Debenhams Flowers shoppers stung by bank card-stealing tech pest

Malware has infected backend systems used by Brit high street chain Debenhams – and swiped 26,000 people's personal information in the process. The cyber-break-in targeted the online portal for the retailer's florist arm, Debenhams Flowers. Miscreants had access to the internal systems at Ecomnova, the biz that runs the …

  1. Your alien overlord - fear me

    Affected customers have all reportedly been notified.

    By their bank saying they are overdrawn and why did they transfer all their money to Romania?

    At least they had a few old five pound notes in their jacket pocket. Oh wait....

  2. Doctor Syntax Silver badge

    Next May GDPR comes into force. How many of these businesses will be ready for it? How many have even heard of it? There are going to be some nasty shocks when the fines start to build up.

    1. Anonymous Coward

      There are going to be some nasty shocks when the fines start to build up.

      Let's wait and see if serious fines get levied before being that confident. I suspect we'll see a continuation of the current trend: Public sector fining itself, SMEs taking a pounding, wilful fraudsters evading their fines, and big companies getting fines amounting to peanuts. TalkTalk will be hoping so.

    2. Oneman2Many

      Especially when companies begin to realise that under GDPR they can be fined for breaches upstream or downstream so best start looking at all those 3rd parties who are collecting data on your behalf and those you are supplying data to.

      Regardless, as Debenhams are finding out, it's their brand that is going to be hit regardless of where the breach occurred.

  3. Doctor Syntax Silver badge

    "Many organisations assume that their business partners are secure, but don't actually take steps to validate this."

    But surely they're secure already. Because Cloud.

  4. Walter Bishop Silver badge

    Compliant to security standard

    "Often it is believed that if third-party suppliers and contractors are compliant to one security standard or another, they can be trusted with sensitive data. But being compliant at one point in time is not a true indication of security posture, as it doesn't take into account any changes in the company's infrastructure or advancements in attack techniques"

    In the real world, compliant is as much use as used toilet paper. Do you have any ideas as to the ecommerce platform Debenhams runs on and the technical nature of the attack?

    Magento Integration with Debenhams

  5. This post has been deleted by its author

    1. c0ldr3x

      Re: Mothers day

      A year ago a Magento project I was involved with was also affected by a similar hack.

      It could be a JS payload that sits on the checkout page and sends ajax requests to a preuploaded PHP file that transmits data to an external server via cURL.

      So it doesn't matter if you store payment data or not, this would not protect your customers if you have any third party scripts sitting on your checkout.
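
The comment above describes a script on the checkout page posting data to a relay file. As an added example (not from the article or any commenter; the origins, file names and policy shape are constructed), this audit lists checkout-page scripts that come from unapproved origins, lack Subresource Integrity, or make network calls inline:

```javascript
// Added example: static audit of the <script> tags on a checkout page.
// The policy shape and all sample values below are constructed for illustration.
const SITE_ORIGIN = "https://shop.example";

const POLICY = {
  // Origins approved to serve script on the checkout page.
  allowedOrigins: new Set([SITE_ORIGIN, "https://payments.example"]),
};

// Network primitives an inline script would need in order to send data out.
const NETWORK_CALL = /\bXMLHttpRequest\b|\bfetch\s*\(|\bsendBeacon\s*\(|\.ajax\s*\(/;

function auditCheckoutScripts(html, policy, siteOrigin) {
  const findings = [];
  // Simplified tag matcher: adequate for an audit sketch, not a full HTML parser.
  const scriptTag = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  for (const [, attrs, body] of html.matchAll(scriptTag)) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs);
    if (!src) {
      if (NETWORK_CALL.test(body)) {
        findings.push({ rule: "inline-network-call", detail: body.trim().slice(0, 40) });
      }
      continue;
    }
    const origin = new URL(src[1], siteOrigin).origin;
    if (!policy.allowedOrigins.has(origin)) {
      findings.push({ rule: "unapproved-origin", detail: origin });
    } else if (origin !== siteOrigin && !/\bintegrity\s*=/i.test(attrs)) {
      // Approved third party, but nothing pins the file's content (no SRI hash).
      findings.push({ rule: "missing-sri", detail: src[1] });
    }
  }
  return findings;
}

// Constructed checkout page: one first-party script, one approved third party
// without SRI, one unknown origin, and one inline script making a request.
const SAMPLE_CHECKOUT = `
<script src="/js/checkout.js"></script>
<script src="https://payments.example/sdk.js"></script>
<script src="https://cdn.unknown.example/widget.js"></script>
<script>
  var x = new XMLHttpRequest();
  x.open("POST", "/media/relay.php");
</script>`;

console.log(auditCheckoutScripts(SAMPLE_CHECKOUT, POLICY, SITE_ORIGIN));
```

Because the relay in the comment is a PHP file on the shop's own server, a browser-side allowlist alone would not see the onward transfer; pair a script audit like this with file-integrity monitoring of the web root.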

  6. Winkypop Silver badge

    A company spokedroid said:

    No flowers by request.

  7. Richard 34

    I bought from Debenhams Flowers on one occasion. I used an email address unique to that site when I registered.

    I received a phishing email to that unique address. I attempted to alert Debenhams Flowers to the clear fact that they had leaked my email address. They wore me down ignoring me.

    So they leak people's data and they don't care.

    1. Anonymous Coward

      My unique to them email address was also subject to a phishing attempt back in July 2014. I tried to raise it with them but, like for you, they couldn't care less. Equally, I was too busy with other stuff to raise it further up the chain.

