Security Experts:

Connect with us

Hi, what are you looking for?



Three Hundred Spar Convenience Stores in UK Affected by Cyber Incident

Three hundred Spar convenience stores in the north of England have been affected by a cyberattack against wholesaler James Hall and Co. James Hall supplies produce to the stores, but also operates the IT and till systems.

Three hundred Spar convenience stores in the north of England have been affected by a cyberattack against wholesaler James Hall and Co. James Hall supplies produce to the stores, but also operates the IT and till systems.

The primary effect on the stores has been to prevent any payment card processing. Although some stores are remaining open for cash trade only, the majority have been forced to close.

Spar is one of the world’s largest retailers. It was founded in The Netherlands in 1932 and operates more than 13,000 franchise stores in nearly 50 countries. It has more than 2,500 stores in the UK, employing some 40,000 people.

At this stage, little is known about the cyberattack. The effect became known on Sunday, December 5, 2021, when one of the franchises tweeted, “Unfortunately due to a total IT outage affecting all our stores we have had to remain closed all day Sunday with no time set to be back online – our apologies for the massive inconvenience to all our customers and store teams.”

Spar referred SecurityWeek to James Hall for further information on the attack. At the time of writing, James Hall has not responded to any of our telephone calls, and its website is either down or has been taken offline.

Both the ICO and the NCSC have been informed of the incident, with the NCSC simply stating, “We are aware of an issue affecting Spar stores and are working with partners to fully understand the incident.”

Although no information about the attack has yet been disclosed, a ransomware attack is possible – retail in the run-up to Christmas is a tempting target. “With the demand supermarkets experience over the holiday season, if they are hit by a ransomware attack, they are naturally desperate to recover as quickly as possible. It is, therefore, a big red target for many threat-actors who know that any ransom demand could be paid almost immediately,” comments Brooks Wallace, VP EMEA at Deep Instinct.

This would not be the first ransomware attack against a retail chain. In July this year, the Swedish Coop chain was forced to close many of its stores following a REvil ransomware attack exploiting a Kaseya vulnerability. The attack sounds remarkably similar. “One of our suppliers has been hit by an IT attack and therefore the cash registers do not work. We regret this and do everything to be able to open again soon. – Coop.”

However, whatever the cause of the incident, it is also a further example of the supply chain effect. If the cause is nothing more than an IT failure at James Hall, the effect has spread to some 300 customer stores. If it is a cyberattack (ransomware or otherwise), it is not yet known whether the initial compromise was at James Hall or one of the franchise organizations. If the latter, the attackers were able to move up the chain to James Hall, and from there to affect all 300 stores.

Related: Cyber Defenders Should Prepare for Holiday Ransomware Attacks

Related: Costco Hit by Card Skimming Attack Heading Into Holiday Season

Related: CISA, FBI Warn of Increase in Ransomware Attacks on Holidays

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.