The Canadian branch of 1-800-FLOWERS said malware on its website allowed unauthorized access to customers’ credit card details over a four-year period.
TechCrunch reported on December 3rd, 2018 that the flower delivery company filed a report with the California attorney general’s office that said it believes the malware was taking credit card information between August 15th, 2014 to September 15th, 2018.
The breach only affected the Canadian website, according to the company.
“Findings from the investigation suggest that the information collected included your first and last name, payment card number, expiration date, and card security code,” said the filing, which did not indicate a date for when it was filed.
It did indicate that 1-800-FLOWERS’ security team “was made aware of suspicious activity on the Canadian website” and “immediately began an investigation with the assistance of a leading computer security firm and disabled the website.”
The filing said that on October 30th, 2017 it found unauthorized access to credit card data that made purchases between the dates indicated.
MobileSyrup reached out to 1-800-FLOWERS to know how many users were affected but did not receive a comment at the time of publication of this story. The article will be updated with a comment when we receive it.