The Canadian website of a flower-ordering service has acknowledged that personal information including credit card numbers of an unspecified number of purchasers were exposed over a four year period ending Sept. 15.
1873349 Ontario, Inc., which runs the 1-800-FLOWERS.ca website, notified California’s attorney general of the breach.
Not affected was the 1800Flowers.com website.
According to a copy of the notice sent to victims by William Shea, vice-president of the numbered company, the corporation’s security team noticed suspicious activity on the Canadian website at an unspecified date. It hired a security firm to help with an investigation, and by Oct. 30 had determined there had been unauthorized access to payment card data from cards used to make purchases on the Canadian site from August 15, 2014 to September 15, 2018.
Data stolen included first and last name, payment card number, expiration date and card security code.
“To help prevent a similar incident from occurring in the future, we have redesigned the Canadian website and implemented additional security measures,” Shea’s letter said. “We are also working with the payment card networks so that banks and other entities that issue payment cards can be made aware.”
He encourages potential victims to closely review their payment card statements for any unauthorized charges, and report any found to the bank, credit union or credit card company that issued their card.
“Hacking is an industry-wide challenge with 1-800-Flowers being the latest in a growing list,” said Ryan Wilk, vice-president of customer success for Vancouver-based NuData Security, a Mastercard company. “Cybercriminals have been on a rampage with new techniques to secure all the information to take over accounts, buy illicit products and services or sell the information to other criminals on the dark web. All customers should take steps to monitor their credit card activity or even change their credit cards for new ones.”