Cyber attack forced over 300 Spar convenience stores to close
The supermarket chain Spar was forced to shut more than 300 of its branch stores in the north of England following an attack on its IT systems.
The incident happened on Sunday, with Spar’s technicians working to solve the issue. Threat actors blocked staff access to emails and left them unable to accept card payments. While some stores managed to quickly switch to an “only cash policy,” others were forced to close temporarily.
“Unfortunately due to a total IT outage affecting all our stores we have had to remain closed all day Sunday with no time set to be back on line - our apologies for the massive inconvenience to all our customers and store teams,” one of the company’s branches said on Twitter.
Founded in the Netherlands, Spar is a global chain that is represented in 48 countries. In the UK, it operates 2,600 stores and employs 40,000 people. As of now, it is unknown whether any sensitive information or customer data has been compromised in the attack.
"We apologise for the inconvenience this is causing our customers and we are working as quickly as possible to resolve the situation,” Spar’s official Twitter account reads.
The UK’s National Cyber Security Centre, which oversees and provides incident responses for critical businesses in the country, also commented on the situation by sharing how to act if similar attacks occur.
"We are aware of an issue affecting Spar stores and are working with partners to fully understand the incident. The NCSC has published guidance for organisations on how to effectively detect, respond to and resolve cyber incidents," their spokesperson said, according to Sky News.
It is not uncommon for cybercriminals to target stores and major retail chains. Imperva’s 12-month analysis suggests that we will continue seeing more attacks of various nature on this industry as the holidays approach. According to the report, during the last year, the retail sector was hit by the largest volume of DDoS incidents on a monthly basis, with the US being the primary target. Similarly, the industry experienced the highest number of data exfiltration attacks in 2021 and general cyberattacks on websites in 2020.
"Cybercriminals, however, may view holidays and weekends—especially holiday weekends—as attractive timeframes in which to target potential victims, including small and large businesses," the FBI and Cybersecurity and Infrastructure Security Agency (CISA) jointly warned earlier this year.
More from CyberNews:
Subscribe to our newsletter