"We are aware of claims re customer data and can confirm that all password and payment information is and has always been safe."
This was posted by Moonpig (one of the most well known companies that sell personalised greeting cards in the UK) on 6 Jan 2015. It was a response to a blog piece by Mr Paul Price, who first informed Moonpig of a flaw in their online security in August 2013...! Exasperated with Moonpig's lack of response to follow-ups, he exposed the problem to the world earlier this week.
According to the blog piece, anyone with a Moonpig account can have their personal details hacked very, very easily. Follow the link to read the blog piece. http://ow.ly/H2T5z