Funky Pigeon is home to a huge range of unique cards and gifts online. They even provide each customer with the opportunity to personalize cards through their easy-to-use online editor. Unfortunately, just last week, Funky Pigeon suspended their website and stopped taking orders for an uncertain time period.
Apparently, there was a cyberattack on the website last week. After which they temporarily suspended any new orders. Funky Pigeon, owned by WHSmith stated that the website was taken down and other systems went offline as a safety precaution. Their website at the moment currently displays the following error as you try to access it:
‘Oops! We’re experiencing some issues and we can’t accept new orders at the moment. Please try again later!’
The firm reassured customers that no confidential data has been pilfered whether payment-related or in terms of account passwords. Funky Pigeon in a statement said they informed the concerned authorities right away as soon as they discovered the cyberattack. It stated:
“As soon as we discovered the incident last Thursday, we launched a forensic investigation led by external experts to understand the incident and whether there has been any impact on customer data.”
According to Funky Pigeon, they’re going to investigate thoroughly by judging the extent of the attack and if any data has been compromised. They said:
“We are currently investigating the extent to which any personal data – specifically names, addresses, email addresses, and personalized card and gift designs – has been accessed. We take the security of customer data extremely seriously and we have temporarily suspended any new orders via the website.”
In the statement, they apologized to the customers for causing them distress and any inconveniences on their part. They also told how their teams are working hard to resolve the issue.
“We would like to sincerely apologize to our customers for any concern or disruption this may cause, and reassure them that our teams are working around the clock to investigate and resolve this incident.”
They said once their investigation proceeds further, they will keep the customers up-to-date.
“As our investigation progresses, we will provide further updates to customers and other affected parties as necessary.”
The company further said they’ll be informing all their clients from last year to let them know about the cyberattack.
Cyber-criminals have been targeting retailers ever since the shop sellers have switched to e-commerce due to the COVID-19 pandemic. Given such merchandisers wouldn’t have had the chance to implement strong cybersecurity measures for their websites, they make an easy target for the cyber-criminals.
At the moment there are very limited details regarding the incident, like to what extent the data has been accessed by the attackers. However, cybersecurity experts have forewarned the customers of Funky Pigeon to stay on alert in case another cyberattack follows this one in the upcoming weeks and months.
Justin Vaughan-Brown, VP of strategic communications at Deep Instinct commented: “Although Funky Pigeon has confirmed that they believe no customer payment data is at risk, personal data such as names, addresses and emails may have been accessed. Unfortunately, stolen data usually ends up being sold on the dark web and can be used to commit further crimes such as fraud. It is an awful position for both the business and customers to be in – not knowing who has access to their personal data, and ultimately, what they could be using it for.”
Dominic Trott, UK product manager at Orange Cyberdefense added: “While Funky Pigeon and its owner WHSmith have released a statement saying that no customer payment data has been breached, that doesn’t mean it’s in the clear yet. Consumers are becoming increasingly aware of the risk of cybercrime as it rises higher on the mainstream news agenda, so the incident could still have an impact on the company’s reputation and its consumers’ willingness to spend.”
“While the company has taken necessary steps since the breach – such as reporting the incident to regulations and law enforcement, informing those whose data may have been put at risk, and taking its systems offline – it’s vital that it mitigates further and future damage. As a company that handles both sensitive payment data and personal information such as passwords, birthdays, and addresses, Funky Pigeon must therefore have a comprehensive multi-layered approach to security.”
Hopefully, Funky Pigeon recovers from this incident soon and gets back on track by taking orders through the website and in-store. They should also strengthen their cybersecurity in order to avoid such an incident to take place again in the future.