Blooms Today Data Breach Leaked Info of 3.2 Million Customers

Online florist Blooms Today has been the latest victim of a significant data breach, exposing the personal information of over 3.2 million customers. The breach, which occurred in November 2023, was just confirmed by the data breach notification service Have I Been Pwned (HIBP), which got a copy of the stolen data listed on a popular hacking forum in April 2024.

The data set, first leaked on the Breach Forums by user “KryptonZambie,” included more than 15 million records, with 3.2 million unique email addresses. The exposed information includes customers' names, phone numbers, physical addresses, and partial credit card details, such as the card type, the last four digits of the card number, and the expiry date. Despite the exposure, the compromised credit card information is insufficient for unauthorized transactions, yet the leak still elevates the risk of financial fraud for impacted individuals.

Blooms Today, which specializes in delivering floral arrangements across the United States, is a prominent player in the online floral industry. The company, however, has not responded to any attempts to address the breach publicly, leaving customers in the dark about the measures being taken to secure their data. The lack of communication is concerning, given the scale of the breach and the potential implications for affected customers.

“KryptonZambie” initially reported the hack on Blooms Today on April 19, 2024, but followed up twice, on April 22 and August 22, with re-posts of the same database. The hacker claimed to have obtained a full database containing sensitive customer information and provided samples of the data to validate the breach. In all three cases, the data wasn't offered for sale but rather leaked for free to Breach members.

HIBP added the Blooms Today breach to its database earlier today, allowing users to check if their email addresses were included in the compromised data. Notably, HIBP said that 89% of the exposed email addresses were already present in their system, suggesting that many affected individuals had been involved in previous data breaches.

For individuals who suspect they may have been affected by this breach, it is crucial to take immediate steps to protect their information. Users should monitor their financial accounts closely for any unusual activity and consider placing a fraud alert on their credit reports. Additionally, updating passwords and enabling multi-factor authentication on online accounts can provide an extra layer of security.