Funky Pigeon has suspended taking orders while a cyber attack is investigated.
Its parent company WHSmith has reported that a cyber security incident affecting the pureplay greetings card and gift retailer took place on Thursday April 14. It has brought in IT specialists to investigate, but is reassuring Funky Pigeon customers in the meantime that no payment data is at risk since its payments are processed via third-party payments providers. However it is still looking into whether personal data, including names, addresses, email addresses and card and gift designs have been accessed by hackers.
In a statement, WHSmith said current analysis of the situation suggested there would not be a material effect on its financial position, with half-year results due to be reported on April 27 2022.
The news comes weeks after The Works reported a cyber incident that forced it to close around five of its stores and delayed store and online deliveries.
Commenting, Dominic Trott, UK product manager at Orange Cyberdefense says: “While Funky Pigeon and its owner WHSmith have released a statement saying that no customer payment data has been breached, that doesn’t mean it’s in the clear yet. Consumers are becoming increasingly aware of the risk of cybercrime as it rises higher on the mainstream news agenda, so the incident could still have an impact on the company’s reputation, and its consumers’ willingness to spend.
“While the company has taken necessary steps since the breach – such as reporting the incident to regulations and law enforcement, informing those whose data may have been put at risk and taking its systems offline – it’s vital that it mitigates further and future damage. As a company that handles both sensitive payment data and personal information such as passwords, birthdays and addresses, Funky Pigeon must therefore have a comprehensive multi-layered approach to security.
“Technology and security tools still play an important role in a business’ security architecture, but the human element of cybersecurity must not be forgotten in order to bolster their cyber defenses. Going forwards, Funky Pigeon should invest in ensuring employees understand the evolving cybersecurity ecosystem at every tier of its structure, as well as implementing intelligent and agile security measures to diminish the risk of a successful attack. By doing so, it can make its employees its first line of defence, and protect its infrastructure and customers from such attacks in the future.”
The scale of the cyber attack issue
Recent Government research has suggested that cyber attacks are becoming more frequent, although the number of businesses experiencing them have stayed stable. Almost four in 10 (39%) of 1,243 businesses questioned at random for the Cyber Security Breaches Survey 2022 for the Department for Digital, Culture, Media and Sport, reported cyber security breaches of attacks in the previous 12 months. That’s the same as in 2021, and down from 46% in 2020.
Just under a third (31%) of businesses thought they were attacked at least once a week, while 20% said they had a negative outcome as a result. The most common were phishing attempts – reported by 83% of those that had experienced an attack, while 21% had experienced denial of service, malware or ransomware attacks. Among those that said they felt a material impact from the attack, medium and large businesses estimated an average cost of £19,400.
Four out of five managers (82%) said cyber security was a ‘very’ or ‘fairly’ high priority – up from 77% in 2021 and the highest level of alert yet. Forty per cent of businesses were using at least one managed service provider but only 13% reviewed the risks that immediate suppliers represent. Almost half (49%) said that they had acted in at least five of the 10 areas suggested in government guidance – 10 steps to Cyber Security.
The steps include managing risks, engagement, assets, vulnerability and incidents as well as supply chain security.