Funky Pigeon stalls orders after hackers breach its systems • Graham Cluley

Online greeting cards business Funky Pigeon was forced to close its doors temporarily last week after a “cybersecurity incident.”

Visitors to the company’s website were still being greeted as recently as Monday with a message saying that it could not accept new orders.

Oops! We’re experiencing some issues and we can not accept new orders at the moment. Please try again later!

Understandably, some customers were less than impressed.

Funky Pigeon initially offered only the smallest of breadcrumbs to customers complaining since last Thursday that their existing orders had been canceled, or that they had not been able to order cards to be sent to loved ones, tweeting that it was suffering “Technical issues.”

However, Funky Pigeon’s parent company WH Smith today told the London Stock Exchange that it had taken its systems offline due to “a cyber security incident affecting part of its systems.”

We take the security of customer data extremely seriously. The Company has temporarily suspended orders from the website and is currently investigating the detail of the incident with external IT specialists.

No customer payment data, such as bank account or credit card details, has been placed at risk – all of this data is processed securely via accredited third-parties and is securely encrypted. We are currently investigating the extent to which any personal data, specifically names, addresses, e-mail addresses and personalized card and gift designs have been accessed.

Funky Pigeon said it was contacting customers to inform them of the incident.

Obviously it’s good news if payment card information has not been exposed through the breach – but that’s not entirely surprising, as such sensitive data processing is normally farmed out to third-parties who specialize in handling financial transactions.

But it would still be bad news if names, addresses and contact lists have fallen into the hands of unauthorized parties – and would open opportunities for fraudsters and scammers to take advantage. Anyone who fell victim to such an attack would probably feel as sick as a… uhh… parrot.

Sign up to our newsletter
Security news, advice, and tips.

Unfortunately, WH Smith and Funky Pigeon have not shared any more details of the nature of the attack or how they might have gained access to the company’s systems. For now it remains a mystery whether, for instance, the company has received a ransom demand from its attackers to prevent stolen data being sold to other criminals or published on the web.

Earlier this month high street discount retailer The Works, another familiar name to Brits, suffered a cyber attack that disrupted its business and forced the closure of some stores.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluleyor drop him an email.

Source

Online greeting cards business Funky Pigeon was forced to close its doors temporarily last week after a “cybersecurity incident.”

Visitors to the company’s website were still being greeted as recently as Monday with a message saying that it could not accept new orders.

Oops! We’re experiencing some issues and we can not accept new orders at the moment. Please try again later!

Understandably, some customers were less than impressed.

Funky Pigeon initially offered only the smallest of breadcrumbs to customers complaining since last Thursday that their existing orders had been canceled, or that they had not been able to order cards to be sent to loved ones, tweeting that it was suffering “Technical issues.”

However, Funky Pigeon’s parent company WH Smith today told the London Stock Exchange that it had taken its systems offline due to “a cyber security incident affecting part of its systems.”

We take the security of customer data extremely seriously. The Company has temporarily suspended orders from the website and is currently investigating the detail of the incident with external IT specialists.

No customer payment data, such as bank account or credit card details, has been placed at risk – all of this data is processed securely via accredited third-parties and is securely encrypted. We are currently investigating the extent to which any personal data, specifically names, addresses, e-mail addresses and personalized card and gift designs have been accessed.

Funky Pigeon said it was contacting customers to inform them of the incident.

Obviously it’s good news if payment card information has not been exposed through the breach – but that’s not entirely surprising, as such sensitive data processing is normally farmed out to third-parties who specialize in handling financial transactions.

But it would still be bad news if names, addresses and contact lists have fallen into the hands of unauthorized parties – and would open opportunities for fraudsters and scammers to take advantage. Anyone who fell victim to such an attack would probably feel as sick as a… uhh… parrot.

Sign up to our newsletter
Security news, advice, and tips.

Unfortunately, WH Smith and Funky Pigeon have not shared any more details of the nature of the attack or how they might have gained access to the company’s systems. For now it remains a mystery whether, for instance, the company has received a ransom demand from its attackers to prevent stolen data being sold to other criminals or published on the web.

Earlier this month high street discount retailer The Works, another familiar name to Brits, suffered a cyber attack that disrupted its business and forced the closure of some stores.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluleyor drop him an email.

Source

More from author

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Related posts

Advertismentspot_img

Latest posts

YouAttest collaborates with JumpCloud to give users access reviews for identity governance

YouAttest announced their product integration with JumpCloud - an open directory platform that gives IT, security...

SLACIP: How to Comply with the SOCI ACT Reforms

On March 31, 2022, the Security Legislation Amendment Critical Infrastructure Protection Act 2022, also known as SLACIP, was passed by the Australian Parliament. ...

Microsoft patches the Patch Tuesday patch that broke authentication – Naked Security

Two of the big-news vulnerabilities in this month's Patch Tuesday updates from Microsoft were CVE-2022-26923 and CVE-2022-26931which affected the safety of authentication in Windows. Even...

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!