Gift card retailer Funky Pigeon has skilled a cyber-attack, foremost the organization to temporarily suspend orders.
Funky Pigeon, which is owned by WHSmith, unveiled it experienced taken its methods offline as a precaution, protecting against it from fulfilling consumer orders. The firm’s web-site at present carries the message: ‘Oops! We’re going through some issues and we can’t acknowledge new orders at the instant. Remember to consider once more later!’
The retailer stated it had informed regulators and legislation enforcement of the incident, which it is now investigating with the aid of exterior cybersecurity experts. Even so, it assured shoppers that no payment info was at risk and did not believe any account passwords had been compromised.
In a assertion, Funky Pigeon said: “As before long as we found out the incident final Thursday, we introduced a forensic investigation led by external experts to realize the incident and no matter whether there has been any affect on shopper information.
“We are at the moment investigating the extent to which any personalized facts – especially names, addresses, email addresses and customized card and gift designs – has been accessed. We choose the security of shopper data really critically and we have briefly suspended any new orders via the site.
“We would like to sincerely apologize to our prospects for any worry or disruption this may possibly trigger, and reassure them that our teams are working about the clock to look into and resolve this incident.
“As our investigation progresses, we will provide even further updates to consumers and other impacted parties as required.”
The firm extra it would be creating to all consumers from the past 12 months to notify them of the attack.
Suppliers are getting an progressively engaging goal for cyber-criminals subsequent the major change to e-commerce in the course of the COVID-19 pandemic. Previously this month, UK retailer The Performs was forced to close many stores and partially suspend its operations immediately after a cyber-attack.
Whilst there are restricted information on the incident, like how a great deal individual facts was accessed by the attackers, cybersecurity authorities have warned Funky Pigeon shoppers to be additional vigilant for social engineering attacks in the coming months and months.
Justin Vaughan-Brown, VP of strategic communications at Deep Intuition, commented: “Although Funky Pigeon has verified that they think no purchaser payment details is at risk, personal information these types of as names, addresses and email messages may have been accessed. However, stolen info usually ends up getting offered on the dark web and can be used to dedicate further more crimes this sort of as fraud. It is an terrible posture for both of those the business enterprise and shoppers to be in – not understanding who has accessibility to their individual facts, and in the end, what they could be utilizing it for.”
Dominic Trott, UK solution manager at Orange Cyberdefense, extra: “While Funky Pigeon and its operator WHSmith have launched a statement expressing that no consumer payment details has been breached, that does not signify it is in the apparent nevertheless. Customers are becoming increasingly mindful of the risk of cybercrime as it rises greater on the mainstream information agenda, so the incident could continue to have an effects on the company’s standing and its consumers’ willingness to expend.
“While the enterprise has taken required techniques since the breach – these kinds of as reporting the incident to laws and law enforcement, informing those whose knowledge may possibly have been set at risk and using its techniques offline – it is crucial that it mitigates further more and future damage. As a company that handles both delicate payment information and individual information this kind of as passwords, birthdays and addresses, Funky Pigeon have to as a result have a in depth multi-layered tactic to security.”
Some components of this short article are sourced from: