Funky Pigeon pauses all orders after 'security incident'

Parent WH Smith says no customer payment data exposed, according to current investigations

British retailer WH Smith has confirmed that Funky Pigeon, its online greetings card and gift subsidiary, has halted all further orders after a "security incident."

The company's social media feeds told customers late last week that "technical issues" were delaying new business being processed.

Today London Stock Exchange-listed WH Smith issued a statement to the market admitting Funky Pigeon was "subject to a cyber security incident affecting part of its systems on Thursday 14 April 2022."

"We take the security of customer data extremely seriously," the statement added. "The company has temporarily suspended orders from the website and is currently is currently investigating the detail of the incident with external IT specialists.

"No customer payment data, such as bank account or credit card details, has been placed at risk – all of this data is processed securely via accredited third-parties and is securely encrypted."

It added in a statement to The Register: "We have taken our systems offline as a precaution... We are also writing to all customers over the last 12v months to inform them of these issues."

Resident techies and external help are "currently investigating the extent" to which customers' personal details – specifically names, addresses, email addresses, personalized cards and gift designs – were accessed.

The way the attackers entered the system was not confirmed by WH Smith, nor whether any demands were made. We have asked the company to comment further.

Just because Funky Pigeon's customers' payment data was not accessed by the attackers "doesn't mean it's in the clear yet," said Dominic Trott, UK product manager at Orange Cyberdefense.

"Consumers are becoming increasingly aware of the risk of cybercrime as it rises higher on the mainstream news agenda, so the incident could still have an impact on the company's reputation, and its consumers' willingness to spend," he added.

Bill Conner, CEO at SonicWall, said the attack is "another example of how relentless cybercriminals are in their search for profit."

"Holding victim organizations' business hostage uniquely impacts retailers and other organizations that provide daily, direct services to their customers. Such attacks directly affect the victim's revenue generation and thus provide additional leverage to the attackers.

"Hackers continue to mix and match malware ingredients deployed during the attack, as well as escalating their techniques from beyond phishing. Organizations need to protect their outward facing attack surface, but equally importantly, establish internal barriers to prevent lateral exploitation on which attackers rely to establish persistence and larger network access once they establish a foothold on a single system."

WH Smith told us: "We have also informed the relevant regulators and law enforcement authorities, and we will continue to review and update our protocols based on what we learn from this incident. ®

Broader topics

Other stories you might like

  • Cisco warns of security holes in its security appliances
    Bugs potentially useful for rogue insiders, admin account hijackers

    Cisco has alerted customers to another four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances. 

    The networking giant has issued a patch for that bug, tracked as CVE-2022-20664. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances. Some earlier versions of both products, we note, have reached end of life, and so the manufacturer won't release fixes; it instead told customers to migrate to a newer version and dump the old.

    This bug received a 7.7 out of 10 CVSS severity score, and Cisco noted that its security team is not aware of any in-the-wild exploitation, so far. That said, given the speed of reverse engineering, that day is likely to come. 

    Continue reading
  • Never fear, the White House is here to tackle web trolls
    'No one should have to endure abuse just because they are attempting to participate in society'

    A US task force aims to prevent online harassment and abuse, with a specific focus on protecting women, girls and LGBTQI+ individuals.

    In the next 180 days, the White House Task Force to Address Online Harassment and Abuse will, among other things, draft a blueprint on a "whole-of-government approach" to stopping "technology-facilitated, gender-based violence." 

    A year after submitting the blueprint, the group will provide additional recommendations that federal and state agencies, service providers, technology companies, schools and other organisations should take to prevent online harassment, which VP Kamala Harris noted often spills over into physical violence, including self-harm and suicide for victims of cyberstalking as well mass shootings.

    Continue reading
  • Google: How we tackled this iPhone, Android spyware
    Watching people's every move and collecting their info – not on our watch, says web ads giant

    Spyware developed by Italian firm RCS Labs was used to target cellphones in Italy and Kazakhstan — in some cases with an assist from the victims' cellular network providers, according to Google's Threat Analysis Group (TAG).

    RCS Labs customers include law-enforcement agencies worldwide, according to the vendor's website. It's one of more than 30 outfits Google researchers are tracking that sell exploits or surveillance capabilities to government-backed groups. And we're told this particular spyware runs on both iOS and Android phones.

    We understand this particular campaign of espionage involving RCS's spyware was documented last week by Lookout, which dubbed the toolkit "Hermit." We're told it is potentially capable of spying on the victims' chat apps, camera and microphone, contacts book and calendars, browser, and clipboard, and beam that info back to base. It's said that Italian authorities have used this tool in tackling corruption cases, and the Kazakh government has had its hands on it, too.

    Continue reading

Biting the hand that feeds IT © 1998–2022