Nice flowers, but where’s your security?
If you bought flowers over the last 4 years, you’d best hope you didn’t do it via the Canadian branch of 1-800-FLOWERS. The company has just reported to the California attorney general’s office that it had been the victim of malware on it’s website that had stolen customer data.
While breaches in a company’s security is nothing new, the length of this attack should grab your attention. In the reporting, the company admitted that malware was scraping customer information from August 15, 2014 all the way up to September 15, 2018. That’s four years that this attack went unnoticed.
As for the information that was being stolen from the site? It was only the customer’s first and last name, payment card number, expiration date, and credit card security number. That’s right, everything anyone needs to use someone’s credit card number.
In short, this is no small breach. The company reported this to California’s attorney general because California law states that any company must report a breach to the state if more than 500 California residents are affected. Sadly, knowing that at least 500 Californians were affected in this Canadian branch’s breach is all we know about the actual size of this breach. However, if that many Californians were affected by this Canadian website, we can assume that this has been a very widespread intrusion.
Source: Tech Crunch