Shoezone UK retail chain discloses cyberattack, data compromised

Shoezone, a popular discount footwear chain with hundreds of locations across the UK, filed a cyber breach notice with the London Stock Exchange on Thursday.

The high-volume retailer reported it was “the subject of a cyber incident which has resulted in unauthorised access to certain online systems and data.”

Although light on specifics, the company did say that on becoming aware of the incident, Shoezone “took immediate steps to stop the unauthorised access to its systems and data,” following already established security protocols.

The company’s website remains operational, and trade dealings with customers and suppliers were not interrupted, according to the notice.

“Shoe Zone is one of the UK’s largest footwear retailers, so this attack will cause serious concern for many of its customers, especially if their data has been stolen,” said Cassius Edison, head of professional services at Closed Door Security.

A spokesperson for the footwear chain told Cybernews that Shoezone “will not be able to provide further comments at this time,” and referred us back to the June 27th Notice of Cyber Security Incident regulatory filing.

Edison also noted that although Shoezone said it does not expect to be materially impacted, “we have regularly seen things can change very quickly in breach forensics, so it might be some time before we know the full extent of this incident.”

Shoezone LSEG breach notice. Image by Cybernews.

Shoezone has not revealed what information may have been accessed in the breach, but said it takes “the privacy of customers' data very seriously and is committed to protecting customers' personal data.”

Headquartered in Leicester, Shoezone is one of the largest shoe chains in the UK, distributing more than 800,000 pairs of shoes per week, according to its website.

The company operates at least 330 retail stores in the UK, including 44 big box stores, lists over 2,500 employees, and has an annual revenue of around £75 million.

Customer, employee data most likely compromised

“At this stage, details into this incident are sparse, but given the company has informed the ICO of the breach, this suggests personal data of either employees or customers has been impacted,” said Brian Boyd, head of technical delivery at i-confidential.

However, Boyd also pointed out that it is not clear "how the company has been impacted, and whether the incident was caused by an insider or a cybercriminal looking to financially benefit from the attack."

The retailer posted a notice on its website for customers concerned about their data being stolen by hackers, stating that any affected individuals will be notified as appropriate and per applicable regulations.

“In the rare occasion that your information has been involved in a data breach you will be contacted,” Shoezone said. In the meantime, the company recommends that customers take the following steps for security purposes:

  • Change your Shoe Zone Account password
  • Inform your bank/credit card providers
  • Check bank accounts for suspicious activity

Edison says as a precaution, while Shoe Zone is investigating the incident, customers should not only update passwords for their Shoezone online accounts, but also update any other accounts using the same password.

"With cybercrime being such a major threat to businesses today, preparation for attacks is essential,” Edison said. On June 19th, Shoezone alerted customers its website was down on the social media platform X, but did not provide information on the cause of the outage.

"Fortunately, it sounds like Shoe Zone already has a proactive incident response plan in place, which has allowed the organization to step into action quickly - blocking the attacker and informing relevant parties about this incident," Boyd said.

"This reinforces the importance of having a well-rehearsed incident response plan in place," he said, adding that "when there are no delays in response because everyone knows their roles and responsibilities, damages are reduced."

Shoezone said it has brought in outside cybersecurity specialists to investigate and determine the impact of the breach, and has reported the incident to the UK’s Information Commissioner's Office and National Cyber Security Centre.

Boyd pointed out that the Shoezone breach is another reminder that all organizations can be viable targets and therefore should be proactive with their defenses.

This means practicing good cyber hygiene, keeping systems up to date, keeping backups stored on-premises and in the cloud, as well as making sure all systems and devices are inventoried and secured, Boyd said.

“All employees should be regularly trained on how to recognize phishing emails, and incident response plans practiced and updated on a regular basis,” Boyd added.

The company said it would provide further updates on the investigation when appropriate, and has provided a phone number and email address on its website for Shoezone customers who have further questions.