Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Three Hundred Spar Convenience Stores in UK Affected by Cyber Incident

Three hundred Spar convenience stores in the north of England have been affected by a cyberattack against wholesaler James Hall and Co. James Hall supplies produce to the stores, but also operates the IT and till systems.

Three hundred Spar convenience stores in the north of England have been affected by a cyberattack against wholesaler James Hall and Co. James Hall supplies produce to the stores, but also operates the IT and till systems.

The primary effect on the stores has been to prevent any payment card processing. Although some stores are remaining open for cash trade only, the majority have been forced to close.

Spar is one of the world’s largest retailers. It was founded in The Netherlands in 1932 and operates more than 13,000 franchise stores in nearly 50 countries. It has more than 2,500 stores in the UK, employing some 40,000 people.

At this stage, little is known about the cyberattack. The effect became known on Sunday, December 5, 2021, when one of the franchises tweeted, “Unfortunately due to a total IT outage affecting all our stores we have had to remain closed all day Sunday with no time set to be back online – our apologies for the massive inconvenience to all our customers and store teams.”

Spar referred SecurityWeek to James Hall for further information on the attack. At the time of writing, James Hall has not responded to any of our telephone calls, and its website is either down or has been taken offline.

Both the ICO and the NCSC have been informed of the incident, with the NCSC simply stating, “We are aware of an issue affecting Spar stores and are working with partners to fully understand the incident.”

Although no information about the attack has yet been disclosed, a ransomware attack is possible – retail in the run-up to Christmas is a tempting target. “With the demand supermarkets experience over the holiday season, if they are hit by a ransomware attack, they are naturally desperate to recover as quickly as possible. It is, therefore, a big red target for many threat-actors who know that any ransom demand could be paid almost immediately,” comments Brooks Wallace, VP EMEA at Deep Instinct.

This would not be the first ransomware attack against a retail chain. In July this year, the Swedish Coop chain was forced to close many of its stores following a REvil ransomware attack exploiting a Kaseya vulnerability. The attack sounds remarkably similar. “One of our suppliers has been hit by an IT attack and therefore the cash registers do not work. We regret this and do everything to be able to open again soon. – Coop.”

Advertisement. Scroll to continue reading.

However, whatever the cause of the incident, it is also a further example of the supply chain effect. If the cause is nothing more than an IT failure at James Hall, the effect has spread to some 300 customer stores. If it is a cyberattack (ransomware or otherwise), it is not yet known whether the initial compromise was at James Hall or one of the franchise organizations. If the latter, the attackers were able to move up the chain to James Hall, and from there to affect all 300 stores.

Related: Cyber Defenders Should Prepare for Holiday Ransomware Attacks

Related: Costco Hit by Card Skimming Attack Heading Into Holiday Season

Related: CISA, FBI Warn of Increase in Ransomware Attacks on Holidays

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.