The Flowers website of Debenhams, the UK's largest department store chain (in outlet numbers), was hit with a breach.
The BBC reports that payment details plus names and addresses of up to 26,000 shoppers was compromised.
Between 24 February 24 and 11 April, attackers reportedly targeted Ecomnova, a third-party ecommerce provider that owns and operates Debenhams Flowers, the retail chain's flower and gifting website.
Affected customers have been alerted by the retailer, as was the Information Commissioner's Office. In a statement, the company's new CEO, Sergio Bucher, formerly of Amazon, apologised and said "Debenhams has taken immediate steps to minimise risk to customers affected.” The incursion into the gift site did not affect the retailer's main site, Debenhams.com, Bucher added.
“As soon as we were informed that there had been a cyber-attack, we suspended the Debenhams Flowers website and commenced a full investigation." – Sergio Bucher, CEO, Debenhams.