European retailer Pepco hit by costly phishing attack

Pepco Group, a European retailer operating in 21 countries, has reported a phishing attack in its Hungary branch. It resulted in €15.5 million in losses before any potential recovery.

According to the company’s statement, it has been the target of a “sophisticated fraudulent phishing attack.”

“The attack resulted in a loss of approximately €15.5 million in cash before any potential recovery. It is unclear at this stage whether the funds can be recovered, although Pepco is pursuing various efforts through its banking partners and the police,” Pepco said.

The company says that the incident doesn’t appear to involve any customer, supplier, or colleague information or data at this stage.

Pepco is taking “necessary immediate steps to investigate and respond to the incident, to ensure the integrity of its group-wide IT and financial control environment.”

According to Pepco’s website, it now serves over 57 million shoppers monthly from 4,800 stores in 21 countries, offering apparel, household goods, and toys. The company-owned retail brands include Pepco, Poundland, and Dealz.

Pepco assured investors that their financial position is strong.

“The Group maintains a strong balance sheet with access today to over €400 million in available liquidity (from cash and credit facilities) and continues to generate strong cash flow from its operations,” the statement reads.

Irene Coyle, chief operating officer at OSP Cyber Academy, suspects that the incident may have involved business email compromise, which led to the accidental money transfer to fraudsters, Help Net Security reported.

Pepco is currently conducting a group-wide review of all systems and processes to secure its business more robustly and plans to provide further updates “when appropriate.”