European discount retailer Pepco Group this week revealed that its Hungarian business has lost a significant amount of money to cybercriminals.
The UK-based company reported losing €15.5 million (roughly $16.8 million) in cash as a result of a “sophisticated fraudulent phishing attack”.
An investigation has been launched and Pepco is working with banks and the police to recover the money, but the company says it’s currently unclear whether the funds can be recovered.
“At this stage, the incident does not appear to have involved any customer, supplier or colleague information or data,” the Pepco Group said.
“The Group maintains a strong balance sheet with access today to over €400 million in available liquidity (from cash and credit facilities) and continues to generate strong cash flow from its operations,” it added. “The Group takes financial controls and IT security extremely seriously and is currently conducting a group-wide review of all systems and processes to secure the business more robustly going forward.”
The Pepco Group owns the Pepco, Dealz and Poundland brands. The 3,600 Pepco stores spread across 19 European countries have more than 30 million customers every month.
Based on the company’s brief description of the incident and the amount that was lost, it may have been targeted in a business email compromise (BEC) scheme, where cybercriminals use hacked email accounts to trick the targeted organization’s employees into transferring money to bank accounts they control.
The FBI reported last year that global BEC losses reported over the past decade had totaled more than $50 billion across nearly 278,000 incidents.
SecurityWeek has reached out to Pepco for more information and will update this article if the company responds.
Related: Australia Dismantles BEC Group That Laundered $1.7 Million
Related: Nigerian Arrested, Charged in $7.5 Million BEC Scheme Targeting US Charities
Related: Nigerian Pleads Guilty in US to Million-Dollar BEC Scheme Role
