The UK retailer has tried to absolve itself of blame, placing fault at the feet of a third-party supplier.
The payment details, names and addresses of thousands of Debenhams customers have been accessed or stolen, with the retailer confirming that a cyber attack had been successful in breaching it’s online portal for its florist service.
The UK retailer was quick to absolve itself of any blame and pointed the finder of blame at Ecomnova, their third-party supplier, saying:
“Ecomnova Ltd, the company that owns and operates flower and gifting website including Debenhams Flowers, has suffered a cyber attack.”
The retailer stressed that the cyber attack has only affected Debenhams Flowers customers, with the number of potential victims reported to total around 26,000. Debenhams also stressed that they have taken the appropriate steps following the discovery of the attack. IN a statement, the retailer said:
“Debenhams has taken immediate steps to minimise risk to customers affected and made contact with all those customers whose data has been accessed. We are working with Ecomnova and all relevant authorities to investigate this attack and apologise to all customers affected.”
Although Debenhams was quick to point the finger of blame at Ecomnova, the retailer must take some of the blame as all businesses should ensure platforms and systems are secure, no matter who supplies them.
“The Debenhams hack is a key reminder to businesses that the third-party vendors you partner should be properly vetted to ensure they have secure systems in place.The hackers allegedly gained access to site operator Economova’ systems using malicious software to access customers’ personal and financial information. This highlights the ever-increasing importance of having 360-degree visibility over all your data flow,” said Dr Jamie Graves, CEO at ZoneFox.
“Whether the data sits in your business or your partners, this 20/20 vision around your data allows businesses to monitor for risky activities and behaviour that might be putting your data at risk. Such an approach goes a long way to ensuring that a breach – whether third-party or not – is identified and dealt with as quickly as possible.”