UK baby care supplier Pramworld has admitted that a breach of its systems was the reason customers were sent spam emails on Friday.
In a statement supplied to El Reg (below), Pramworld admitted its mailing list had been compromised while downplaying the problem and offering reassurance that payment information had not been exposed.
On the 16 September Winstanleys Pramworld was compromised and an attacker gained access to our system. The attacker amended previous customer orders with a link based comment which resulted in an automated email being sent.
On intensive and rapid investigation we have ascertained that none of our customer details or payment information were compromised and can confirm the issue has been resolved and preventative measures have been put in place to ensure that this does not happen in the future.
We would like to thank our customers for their understanding at this time and assure them that their personal information is safe.
El Reg began looking into the incident after two of Pramworld’s customers forwarded apparent phishing spam emails. Matthew, one of those affected, characterised the unwelcome message as a “targeted phishing email including my personal details [and] account order number”.
To its credit, Pramworld responded promptly to our request to shed some light on the situation. ®