"At the very least, one would expect the company to notify customers by email to let them know there's an issue, providing steps they can take to try and avoid falling foul of anybody using this for personal gain. Issues such as these can prove very costly to companies, and now the Information Commissioner's Office is looking at the details the fallout could be severe."
Founded during the dot-com boom and since sold on to photo printing firm PhotoBox, Moonpig is believed to have around three million registered accounts. Moonpig isn't the first major UK site to be shown to be insecure in recent times. In April 2014, Mumsnet was found to be at risk from the Heartbleed bug while in a particularly outrageous incident in August Irish betting site Paddy Power waited four years to inform its users of a breach dating back to 2010.
Sign up for CIO Asia eNewsletters.