This attack re-enforces the fact that attackers are increasingly targeting any organization that may have personal details either to use directly, or to reuse in attack against other sites. It is similar in vein to the attacks a few months ago against Deliveroo, and Camelot (the national lottery). 


It is essential that companies enforce strong threat detection controls so that any attacks can be quickly identified and responded to. In this case, Debenhams had outsourced the operation to a third-party supplier. In this case, it should have vetted the third-party beforehand and ensured it had adequate security controls in place.