When did the breach occur?
We were the victim of a cyber-attack between 24 February 2017 14:07 and 11 April 2017 21:40. The data that was stolen could include customer information for anyone who placed an order at http://www.appleyardflowers.com and http://www.blossominggifts.com between these dates.
Are you notifying affected customers?
Yes, all affected customers are being notified.
What data could have been stolen?
The data that could have been compromised includes:
Personal information (name, billing address, email address, telephone number, password)
Payment card information.
Have the recipient details been accessed?
Delivery addresses were not compromised.
How do I know if my data was accessed?
We have notified all potentially affected customers by email, but anyone who placed an order between 24 February and 11 April should assume their data may have been compromised.
What actions have been taken?
We have taken all necessary measures and have stopped the breach. We have commissioned an independent investigation into the breach to verify the safety of our site. We have also notified Visa, Mastercard and American Express of compromised cards.
Have you notified the appropriate bodies?
We have advised the Information Commissioner’s Office, and reported the crime to the UK police through their Action Fraud department.
What steps should I take now to protect myself?
Firstly we would suggest you check your statement to see which card was used and look for unrecognised transactions, and then contact the card issuer to get a new card issued.
It would also be advisable to change the password for your Appleyard or Blossoming Gifts account, as well as any other account where you use the same password.
Click here to reset your Appleyard password
Click here to reset your Blossoming Gifts password
What should I do, if my details have already been used fraudulently?
Contact your bank immediately to advise them and see what they can do to help you. If you are in the UK, we would recommend you contact Action Fraud. You can get them on 0300 123 2040 or via www.actionfraud.police.uk. If you are resident overseas, contact the relevant law enforcement organisation.
The UK card association state that all victims of card fraud are legally protected and won’t suffer financial loss.This applies to both debit and credit cards.
I used PayPal. What information has been stolen?
If you used PayPal to pay for your order, your personal details (name, address, email address) were compromised but your payment details were not at risk.
I have further queries.
If you have any other questions please email [email protected].