The Canadian retail operations of 1-800-FLOWERS has disclosed a four-year data breach affecting customers who purchased goods on its website, warning that payment card data was exposed.

The company 1873349 Ontario, Inc., which owns www.1800Flowers.ca, acknowledged the incident in a breach notification to impacted consumers, which was filed with the California attorney general’s office on Nov. 30.

The letter states that an unauthorized actor gained access to website customers’ payment card data from Aug. 15, 2014 through Sept. 15, 2018. The intrusion was confirmed on Oct. 30 of this year, shortly after the company’s security team was alerted of suspicious website activity.

Stolen data includes names, payment card numbers, expiration dates, and card security codes.

“To help prevent a similar incident from occurring in the future, we have redesigned the Canadian website and implemented additional security measures,” the breach notification states. “We are also working with the payment card networks so that banks and other entities that issue payment cards can be made aware.”

Purchases made on the U.S.-based 1-800-FLOWERS website 1800Flowers.com were not impacted. SC Media has reached out to 1873349 Ontario for additional comments.

Topics:

Cybercrime Data Breach Internet Security Retail Web Security