In a post-Valentine's Day attack the e-commerce site of 1-800-FLOWERS was accessed by an unauthorized person for more than a day during which time about 7,000 customers placing orders on the site may have had their personal and payment information compromised.
The online flower retailer said in a letter to the California Department of Justice that for a 33-hour period – stretching from the evening of Feb. 15 to early morning on Feb. 17 – an attacker collected the name, address, email address, payment card number along with its expiration date and CVV security code of all those placing or attempting to place orders on the site.
The company would not disclose how the attacker breached its system, but gave some insight on how 1-800-FLOWERS discovered the issue.
“Our customer service team received reports on Feb. 15, 2016 from several customers indicating that they were unable to complete their online orders. Our operations team initiated an investigation and identified signs of unauthorized access to the network that operates our e-commerce platform,” Joseph Pititto, the company's senior vice president, investor relations, told SCMagazine.com Thursday in an email.
Pititto said the company has received no reports that the information taken has been used in a malicious fashion.
1-800-FLOWERS said it has resolved the issue and is warning anyone who was on the site during the affected period to remain vigilant and review payment card statements carefully for unknown activity.