Debenhams Hack Leaks Personal Details Of 26,000 Customers


Debenhams informs ICO after hackers breach online florist business through third-party

The latest high-profile security incident to hit the headlines has resulted in the theft of personal and financial data from retailer Debenhams.

The company admitted that Debenhams Flowers, its online florist business, was the victim of a cyber attack in which data for around 26,000 customers is believed to have been stolen through a third-party.

The intruders got away with names, addresses and financial details after having access to Ecomnova, the operator of, for over six weeks.

asda security breach, data breach

Data breach

Debenhams chief executive Sergio Bucher apologised for the leak, saying: “As soon as we were informed that there had been a cyber attack, we suspended the Debenhams Flowers website and commenced a full investigation.

“We are very sorry that customers have been affected by this incident and we are doing everything we can to provide advice to affected customers and reduce their risk.”

Those customers affected by the breach have been informed and the online florist website has since been suspended, as have the three other Economova-run sites for hampers, personalised gifts and wine, although it is not clear if the other three were also breached.

Debenhams said it “can be confident” that customers of its main website,, were not affected.

The company has also informed the Information Commissioner’s Office (ICO) about the malware-based attack and contacted customer’s banks to ask them to block payments cards and issue customers with new ones. 

Dr Jamie Graves, CEO at ZoneFox, commented on how the news emphasises the importance of properly vetting third-party vendors. “[The breach] highlights the ever-increasing importance of having 360-degree visibility over all your data flow,” he said.

“Whether the data sits in your business or your partners, this 20/20 vision around your data allows businesses to monitor for risky activities and behaviour that might be putting your data at risk. Such an approach goes a long way to ensuring that a breach – whether third-party or not – is identified and dealt with as quickly as possible.”

Debenhams isn’t the first popular brand to suffer such an attack and it certainly won’t be the last. Just this week cyber criminals stole and released new episodes of Netflix show ‘Orange Is the New Black’, also through a third-party partner.

In April, payday loan company Wonga suffered a data breach affecting 245,000 UK customers, after a technical glitch at Three saw customers presented with the account details of other subscribers.

Do you know all about security in 2017? Try our quiz!