Spar convenience stores across the UK have either had to revert to cash-only payments or shut altogether following a cyber attack.
More than 300 stores across the North of England have been affected with point of sale devices taken offline, meaning the stores are unable to take card payments.
The attack is believed to have first hit James Hall & Company, a Lancashire-based wholesaler that services Spar UK stores, on Sunday. Its website is currently down with an Error 20, indicating a network failure.
The full extent of the attack is currently unclear but the company said the attack had affected all of its IT systems, including staff emails.
The National Cyber Security Centre (NCSC) is currently investigating the attack and said: "We are aware of an issue affecting Spar stores and are working with partners to fully understand the incident."
A Spar spokesperson added: "We are working to resolve this situation as quickly as possible. It is currently impacting stores’ ability to process card payments meaning that a number of Spar stores are currently closed to shoppers or only taking cash payments.
"We apologise for the inconvenience this is causing our customers and we are working as quickly as possible to resolve the situation."
The nature of the attack is also currently unclear. Ransomware or not, the attack shows how quickly cyber criminals can infect a broad range of targets through a supply chain.
RELATED RESOURCE
How to reduce the risk of phishing and ransomware
Top security concerns and tips for mitigation
"This looks like a supply chain attack at first glance," said Brian Higgins, security specialist at Comparitech. "It’s very difficult to ensure that every link in the chain has appropriate cyber security measures in place and it only takes one vulnerable point to allow criminals into a network. Once they’re in, the knock-on effects can be catastrophic.
"The timing might also be indicative of a planned attack as most retailers don’t run a full back-office service at weekends," he added. "I’m sure there will be a full investigation but it can often be counterproductive to speculate on motive etc. during an ongoing incident."
It's not the first time a European supermarket has been caught up in a supply chain attack this year. Sweden's Coop stores were all hit with REvil ransomware in July this year, as a consequence of the Kaseya breach.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Using APIs to rewire supply chains in 2023In-depth Supply chains are on the mend after breaking down recently, and APIs are helping stakeholders get a better handle on data
-
Uber says compromised third-party to blame for data breachNews Vulnerable third-party vendor Teqtivity sparks second major incident for Uber in the space of three months
-
SolarWinds hackers strike again with a new “MagicWeb” authentication exploitNews Microsoft warns MagicWeb can abuse admin credentials to hijack AD FS enterprise identity system
-
Former Apple worker alleged to have defrauded company out of $10 millionNews The man faces five federal charges after he is said to have exploited his position in Apple's Global Service Supply Chain
-
KP Snacks supply chain shut down by Conti ransomware attackNews Crippled IT systems are unable to process new orders "safely" and could be down until late-March
-
Majority of UK's top business leaders are failing to manage supply chain security risksNews New findings from a DCMS review have sparked concern in government which could see new laws introduced to protect Britain's digital supply chains
-
Supply chain breaches impacted 97% of firms in the past yearNews New BlueVoyand research finds that supply chain security breaches are increasing
-
Managing security and risk across the IT supply chain: A practical approachWhitepaper Best practices for IT supply chain security
