bloomstoday.com
Nov 11, 2023
In April 2024, approximately 15 million records from Blooms Today, an online florist, were listed for sale and leaked on BreachForums by threat actor @KryptonZambie. The breach contained data as recent as November 2023 and exposed approximately 3.2 million unique email addresses, names, phone numbers, physical addresses, and partial credit card data (card type, last 4 digits, and expiry date). Blooms Today did not respond to disclosure inquiries. The breach is indexed on Have I Been Pwned.
Data found in this dataset
Source files
Expand any file to inspect its column headers and the LLM's field-mapping reasoning, recorded during ingestion.
BloomsToday__Info.txt12 columns16 rows
File structure
Format: CSV·Delimiter: comma·Has header: yes·Quote: "
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 1 | firstName | high | [1] header 'f_name', values are given names (KATHLEEN, DONALD, NICOLE, etc.) |
| 2 | lastName | high | [2] header 'l_name', values are surnames (BESOUSHKO, BUSER, HARPER, etc.) |
| 3 | address1 | high | [3] header 'address', values are street addresses (212 STIRRUP RD, 3581 SOUTH OCEAN BLVD, etc.) |
| 4 | address2 | high | [4] header 'address2', secondary address component (mostly empty but present for apt/suite data) |
| 5 | city | high | [5] header 'city', values are city names (LOGAN TOWNSHIP, SOUTH PALM BEACH, ATLANTA, etc.) |
| 6 | state | high | [6] header 'state', values are US state abbreviations (NJ, FL, GA, IL, etc.) |
| 7 | zip | high | [7] header 'postcode', values are 5-digit ZIP codes (08085, 33480, 30331, etc.) |
| 8 | country | high | [8] header 'country', values are country codes/names (USA) |
| 10 | phone | high | [10] header 'phone', values are 10-digit phone numbers in NPA-NXX-XXXX format (856-979-1313, 561-533-7203, etc.) |
| 14 | high | [14] header 'email', values contain @ sign ([email protected], [email protected], etc.) | |
| 18 | fullName | high | [18] header 'cardname', values are full names matching card holder names (KATHLEEN BESOUSHKO, DONALD BUSER, etc.) |
| 25 | facebookId | high | [25] header 'facebook_id', values are numeric IDs (0 is placeholder/null) |
Notes: 28 columns total, 12 contain PII. Columns skipped: id (internal record ID), paid_type (transaction type flag), workphone/mobilephone (empty or duplicate of phone), comments (free text), accountno (internal account ID), cardno (tokenized/masked, no full card data exposed per breach description), cardexpires (expiry date component, financial), cardcvn (CVN, financial), vatnumber (business ID), evening_phone (duplicate phone), when_created (timestamp), phone_ext (extension, non-PII), refund_wallet (financial flag), company (business name per exclusion rule). Breach context confirms: email, names, phone, physical addresses, and partial credit card data (last 4 digits + type + expiry) were exposed. Full card numbers not present in this sample.
BloomsToday__data__customer_arch.csv11 columns15,386,827 rows
File structure
Format: CSV·Delimiter: comma·Has header: yes·Quote: "
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 1 | firstName | high | [1] header 'f_name', values are given names (KATHLEEN, DONALD, NICOLE, MARK) |
| 2 | lastName | high | [2] header 'l_name', values are surnames (BESOUSHKO, BUSER, HARPER, ALTON, GEUARRY) |
| 3 | address1 | high | [3] header 'address', values are street addresses (212 STIRRUP RD, 3581 SOUTH OCEAN BLVD) |
| 4 | address2 | high | [4] header 'address2', secondary address field (currently empty in sample but mapped by header) |
| 5 | city | high | [5] header 'city', values are city names (LOGAN TOWNSHIP, SOUTH PALM BEACH, ATLANTA) |
| 6 | state | high | [6] header 'state', values are US state abbreviations (NJ, FL, GA, IL, VA) |
| 7 | zip | high | [7] header 'postcode', values are 5-digit ZIP codes (08085, 33480, 30331) |
| 8 | country | high | [8] header 'country', values are country names (USA) |
| 10 | phone | high | [10] header 'phone', values are 10-digit phone numbers in XXX-XXX-XXXX format (856-979-1313, 561-533-7203) |
| 14 | high | [14] header 'email', values contain @ sign and email format ([email protected], [email protected]) | |
| 25 | facebookId | medium | [25] header 'facebook_id', values are '0' (placeholder/null but field maps to facebookId) |
Notes: 28 columns total, 11 contain PII. Columns [0] (id), [9] (company), [11-12] (workphone/mobilephone empty), [13] (paid_type), [15-23] (cardno/cardname/cardexpires/cardcvn/vatnumber/cardtype/evening_phone/when_created/phone_ext/refund_wallet) skipped as non-PII, financial data, timestamps, or internal flags. Breach contains ~15M records with names, addresses, phones, emails from Blooms Today florist (April 2024).