Multiple Location Supermarket Suffers Supply Chain Attack

Uploaded on 2021-12-07 in TECHNOLOGY--Hackers, FREE TO VIEW

A cyber attack has simultaneously hit more than 300 Spar convenience stores across the north of England in an apparent supply chain attack, forcing many of them to revert to cash-only payments while others chose to close their doors to customers. The attack hit the company’s computer systems, causing a “total IT outage” that has prevented staff from taking card payments and locked them out of emails.

The attack targeted James Hall & Company in Preston, Lancashire, which operates Spar's tills and IT systems and the affected stores have been able to handle card payments. The company supplies products to around 600 Spar stores. 

The UK  National Cyber Security Centre (NCSC) and Lancashire Police are investigating. A spokesman for Sparb said: "We are aware of an issue affecting Spar stores and are working with partners to fully understand the incident... We are working to resolve this situation as quickly as possible."

This isn't the first time a supermarket chain has been brought to its knees by a cyber attack. In July hackers caused 500 Co-op stores in Sweden to close as tills and self-service machines were taken down as one of the international effects of the massive Kaseya supply chain attack. In that case, it was the Co-op supermarket's IT supplier that was hit with ransomware.

The question for James Hall is now the one all cyber attack victims dread - whether or not to to pay the  criminals to get the  shops back online?

For the hundreds of thousands of Spar customers affected by the hack the urgent question is when will their local stores open again?  It has more than 2,500 stores in the UK that employ about 40,000 people and has an annual turnover of more than £3bn. At the time of writing both the Spar and the James Hall &Co websites were inaccessible.

NCSC:     LEP:      ITPro:      ZDNet:    BBC:    Guardian:    Telegraph:     Times:    Cumbria Crack

You Might Also Read:

Why Is Retail Cyber Security So Weak?:

 

« Cyber Attacks Should Be The #1 Concern For Business Leaders
Twitter Takes-Down Thousands Of Propaganda Accounts »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Messageware

Messageware

Messageware is a world leader in Microsoft Exchange security.

Momentum

Momentum

The Cyber Security team at Momentum offers a professional and specialist recruitment service across Cyber & IT Security.

AAROH

AAROH

AAROH helps customers in Government, Law Enforcement, and Enterprises to identify, prevent, detect, resolve and protect from threats, crimes, breaches & fraud.

Communications Authority of Kenya

Communications Authority of Kenya

The Authority is responsible for facilitating the development of the information and communications sectors including; broadcasting, telecommunications, electronic commerce and cybersecurity.

Women in CyberSecurity (WiCyS)

Women in CyberSecurity (WiCyS)

Women in CyberSecurity (WiCyS) is a non-profit organization dedicated to the recruitment, retention and advancement of women in the cybersecurity field.

Beazley

Beazley

Beazley are a specialist insurer with three decades of experience in providing clients with the highest standards of underwriting and claims service worldwide.

Tecnalia Cyber-Security & Safety

Tecnalia Cyber-Security & Safety

Tecnalia’s Cyber-Security and Safety Research Group works on integrated security and safety technologies designed to protect networks, computers, devices, programs and data from attack.

IFE Digital Systems

IFE Digital Systems

IFE Digital Systems conducts research, development and consultancy in risk, safety and security related to digital systems in critical infrastructure.

Aergo

Aergo

Aergo offers an easier and more proven way to adopt blockchain and transform your business while building on your existing IT and cloud assets.

ShorePoint

ShorePoint

ShorePoint helps customers focus on visibility, analytics and context to make timely and informed risk-based decisions to protect their infrastructure.

Sygnia

Sygnia

Sygnia is a cyber technology and services company, providing high-end consulting and incident response support for organizations worldwide.

IT-Seal

IT-Seal

IT-Seal GmbH specializes in sustainable security culture and awareness training.

South West Cyber Resilience Centre (SWCRC)

South West Cyber Resilience Centre (SWCRC)

The South West Cyber Resilience Centre (SWCRC) is led by serving police officers, as part of a not-for-profit partnership with business and academia.

Downdetector

Downdetector

Downdetector Enterprise provides operational monitoring, automated alerting, visibility into third-party services and real-time incident analysis.

Intaso

Intaso

Intaso are a boutique head hunting and talent solution firm with specialist Cyber and Information Security expertise.

Surefire Cyber

Surefire Cyber

Surefire Cyber delivers swift, strong response to cyber incidents such as ransomware, email compromise, malware, data theft, and other threats with end-to-end response capabilities.