back to article Funky Pigeon pauses all orders after 'security incident'

British retailer WH Smith has confirmed that Funky Pigeon, its online greetings card and gift subsidiary, has halted all further orders after a "security incident." The company's social media feeds told customers late last week that "technical issues" were delaying new business being processed. Today London Stock Exchange- …

  1. Anonymous Coward
    Anonymous Coward

    What is it with online card companies and crap InfoSec?

    Moonpig had it's issues too.

    1. Cuddles

      What is it with online card companies and crap infosec?

      A minor correction. I doubt card companies are significantly better or worse than any other kind.

  2. Mike 137 Silver badge

    "We take the security of customer data extremely seriously"

    Translation: "Oh sh*t, we got caught out"

    This statement never convinces anybody, so why does every business trot it out after a data breach? Maybe due to the same disconnect from reality that allowed the breach to occur in the first place.

    1. Flywheel
      FAIL

      Re: "We take the security of customer data extremely seriously"

      why does every business trot it out

      It's like the infamous "remorse" statement in alleged British Justice: "My client pleads guilty to attacking 27 people Your Honour, but has demonstrated remorse".

      Absolute b0ll0cks of course, but it's an expected thing now.

  3. Duffaboy

    That might explain my constant account lockouts

    Last week my account was locked out even after a password reset and a correct login attempt, something was amiss

  4. Cav Bronze badge

    Whatever man can make, man can break.

    I think most places do take customer data security seriously. But anyone can be caught out. One exploited zero day, one idiot user clicking the wrong thing, one incompetent developer, one greedy\disgruntled\vengeful insider, that's all it takes. If it's online, someone determined will find a way to breach the defenses.

    1. katrinab Silver badge
      Mushroom

      We are talking about WH Smiths. Have you seen the state of their shops? Do you think they take IT maintenance any more seriously than physical maintenance?

  5. heyrick Silver badge

    Funky Pigeon?

    Who names these companies...

    1. John Brown (no body) Silver badge

      Re: Funky Pigeon?

      Hipsters with beards, fresh out of university, still running in "student mode".

    2. DomDF

      Re: Funky Pigeon?

      A pair of dice with random words on them. I think W H Smith even stock something like that.

      1. Captain Scarlet Silver badge

        Re: Funky Pigeon?

        I seem to remember getting some Only Fools and Horses fluffy car dice as a christmas present from WH Smiths many years ago.

        Not good though, the dots fell off.

  6. Anonymous Coward
    Facepalm

    Check

    PR Checklist

    "We take the security of customer data extremely seriously" Check.

    "[We are] currently investigating the detail of the incident with external IT specialists." Check

    "No customer payment data ... has been placed at risk." Check.

    "[We are] currently investigating the extent to which customers' personal details ... were accessed." Check.

    Yet to come "we have discovered a limited number of accounts had their personal data compromised."

    Finally "We have identified a limited number of accounts whose payment data was compromised."

    1. katrinab Silver badge
      Megaphone

      Re: Check

      The limit of course being the total number of accounts in existence.

  7. JWLong

    Funky Pigeon

    I will never type any name close to being that stupid sounding into to an address bar.

    1. Anonymous Coward
      Alert

      Re: Funky Pigeon

      ... whilst stroking my pet vulture

    2. Flywheel
      Facepalm

      Re: Funky Pigeon

      boomf.com still works...

  8. RichardTheGeek

    Slightly unfair

    There are a lot of negative comments which I feel are slightly unfair. I've never used Funky Pigeon, and forget the last time I went into a WHSmith, but in today's world it's generally recognised as a case of 'when' not 'if' a company is going to suffer some form of a cyber incident. Without knowing the facts, as an Info Sec manager for a retailer, I can only watch with sympathy from the sidelines as another company falls victim with the negative publicity that ensues. However much is invested in cyber security, this could happen to any company as is proven each time there's a headline like this.

    With regards to their PR template, they're damned if they do, damned if they don't say something. They'd be equally criticised if they didn't roll out the standard "customers' data is important to us..." and said nothing.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like