Gift card retailer Funky Pigeon has experienced a cyber-attack, leading the firm to temporarily suspend orders.
Funky Pigeon, which is owned by WHSmith, revealed it had taken its systems offline as a precaution, preventing it from fulfilling customer orders. The firm’s website currently carries the message: ‘Oops! We’re experiencing some issues and we can’t accept new orders at the moment. Please try again later!’
The retailer said it had informed regulators and law enforcement of the incident, which it is currently investigating with the help of external cybersecurity experts. However, it assured customers that no payment data was at risk and did not believe any account passwords were compromised.
In a statement, Funky Pigeon said: “As soon as we discovered the incident last Thursday, we launched a forensic investigation led by external experts to understand the incident and whether there has been any impact on customer data.
“We are currently investigating the extent to which any personal data – specifically names, addresses, email addresses, and personalized card and gift designs – has been accessed. We take the security of customer data extremely seriously and we have temporarily suspended any new orders via the website.
“We would like to sincerely apologize to our customers for any concern or disruption this may cause, and reassure them that our teams are working around the clock to investigate and resolve this incident.
“As our investigation progresses, we will provide further updates to customers and other affected parties as necessary.”
The company added it would be writing to all customers for the past 12 months to inform them of the attack.
Retailers are becoming an increasingly enticing target for cyber-criminals following the significant shift to e-commerce during the COVID-19 pandemic. Earlier this month, UK retailer The Works was forced to close several stores and partially suspend its operations after a cyber-attack.
While there are limited details on the incident, including how many personal data was accessed by the attackers, cybersecurity experts have warned Funky Pigeon customers to be extra vigilant for social engineering attacks in the coming weeks and months.
Justin Vaughan-Brown, VP of strategic communications at Deep Instinct, commented: “Although Funky Pigeon has confirmed that they believe no customer payment data is at risk, personal data such as names, addresses and emails may have been accessed. Unfortunately, stolen data usually ends up being sold on the dark web and can be used to commit further crimes such as fraud. It is an awful position for both the business and customers to be in – not knowing who has access to their personal data, and ultimately, what they could be using it for.” Read more:https://bit.ly/3JZguTd
You can also read this: Security Teams Prep Too Slowly for Cyberattacks