Hackers have stolen the card details of thousands of customers buying flowers for loved ones over the busy festive period from UK commerce site the Great British Florist.
The firm says it was alerted to the breach on 30 January, after cards keyed in by customers shopping at the site started appearing in a rash of fraudulent payments.
In a letter sent to affected customers, the Great British Florist says: "Previously we found a piece of malware and removed it on the 5th of December and believed this would solve the whole situation. We notified everyone that could have been affected at that time, but unfortunately we believe we have been the victim of a very sophisticated cyber-crime which means that we now have some evidence that the hackers have managed to re-infect our website between 6th December 2018 until 31st January 2019."
After further inquiries from Finextra, the firm says that as it doesn't hold credit card details on site, the most likely way security was breached is that "as you enter your payment details they scraped that as it went to the payment gateway".