Staples is still suffering disruption after being hit by a cyber-attack late last week, the retailer has revealed.
Phil Muncaster
UK / EMEA News Reporter, Infosecurity Magazine
The office supplies giant apologized to customers for any inconvenience, in an updated service message on its main website.
“We continue to experience disruption of our communications and our customer service lines. All other aspects of our order processing and delivery operations are functioning normally,” it said. “We are working diligently to restore our customer service lines and look forward to talking to you soon.”
Earlier reports said the cyber-attack, which was first revealed by the firm on Thursday, had caused temporary disruption to Staples’ processing and delivery at a critical time for retailers.
A statement sent to ABC News claimed the disruption was caused by the “proactive steps” the retailer took to “mitigate the impact and protect customer data.”
That would seem to suggest a ransomware attack, which often forces organizations to unplug systems from the internet to contain the spread of an attack.
In fact, much of the $100m that MGM Resorts claimed to have lost in a recent ransomware attack came as a result of disruption to services, including slot machines, that occurred when IT systems were taken offline.
“All of our systems are in the process of coming back online and we expect to return to normal functionality in short order,” a Staples spokesperson told the US news channel.
“We may experience slight delays in the interim but expect to ship all orders that have been placed. We apologize for any inconvenience this may have caused for our valued customers. While it is too early to make any definitive statements, we are optimistic that our quick action helped avert more serious consequences. We take seriously our responsibility to protect all of our data.”
Read more on retail cyber-threats: Three-Quarters of Retail Ransomware Attacks End in Encryption
Tamara Kirchleitner, senior intelligence operations analyst at Centripetal, said the breach of a large retailer should be a wake-up call to all organizations.
“It is important for businesses to remember that cybersecurity is an ongoing process and that proactive measures are far more effective and less costly than reactive measures,” she added. “Businesses must constantly be vigilant and adapt their security measures to the ever-changing threat landscape.”
Rick Jones, CEO of DigitalXRAID, argued that retailers in particular need to be vigilant at what is the most important time of the year for their business.
“Wily attackers know that December is the perfect time to strike to cause maximum disruption with minimal resistance, and businesses cannot afford to ignore the risk,” he added.
“Cybercriminals are likely to continue to exploit the holidays as an opportunity to strike when IT support teams are operating at reduced capacity.”
Image credit: rafapress / Shutterstock.com