NEW YORK — Recent data breaches and cyberattacks involving major retailers have started to impact consumers. United Natural Foods, a leading wholesale distributor supplying Whole Foods and other grocers, reported this week that a security incident disrupted its order fulfillment capabilities, causing select items to be scarce in stores.
In the United Kingdom, customers were unable to shop online from Marks & Spencer for over six weeks and noticed fewer shopping options in stores due to a cyberattack on the retailer dealing in clothing, home goods, and food items. Similarly, a cyber incident targeting Co-op, a grocery chain also based in the UK, left several store shelves empty.
Cyberattacks continue to rise across all sectors, but violations of corporate technology systems pose particular challenges when directed at businesses providing goods or services directly to consumers. These breaches can not only hinder the sales of physical goods but also expose customers’ personal data to potential phishing schemes or fraud attempts. Here’s some crucial information you should know about the increasing cyber threats.
Experts point out that, despite efforts to reinforce cybersecurity measures, attacks continue to escalate. Over the last year, there has been a marked rise in the number of retail businesses falling victim to these breaches. Director of Information Security at the National Cybersecurity Alliance, Cliff Steinhauer, mentioned that cybercriminals are outpacing efforts to secure systems. Ransomware attacks are becoming more prevalent. These involve hackers demanding large payments to reinstate locked systems and now represent a larger portion of cybercrime. Retail isn’t the only sector impacted. The NCC Group, a global cybersecurity firm, notes that in April, industrial companies were the favorite targets, followed by those in the consumer discretionary sector.
Targeting popular brands and essential items compounds the effect of these attacks, creating chaos and pressuring impacted retailers, especially when ransom demands are made. Ade Clewlow from the NCC Group highlights the specific disruptions to food supply chains as cyberattacks on M&S and Co-op led to shortages in supermarkets, particularly in remote UK areas already facing limited stock.
Apart from operational disruptions, cyber breaches also pose a threat to customer data security. The compromised data could range from personal details like names and email addresses to sensitive credit card information. Experts emphasize the need for customers to remain vigilant. Clewlow advises heightened awareness “not just immediately but moving forward,” as fraudsters might misuse the data for fraudulent activities. Consumers may receive phishing emails resembling those from retailers, prompting them to change passwords or offering fake promotions to lure them into clicking potentially harmful links. It’s crucial to verify any suspicious communication directly with the retailer’s official website or contact lines. Refraining from reusing passwords across different sites is also a good practice, as attackers could use stolen information to access multiple accounts, employing a method called credential stuffing. Multifactor authentication and credit freezing are recommended for additional protection.
Several companies have recently faced cybersecurity incidents, disrupting operations. United Natural Foods, a prominent distributor for Whole Foods and various grocery chains in North America, discovered unauthorized activities on its network on June 5, leading to some systems going offline. This breach hampered the company’s ability to fulfill orders. United Natural Foods has been working to restore operations gradually, although some items remain scarce. A spokesperson from Whole Foods confirmed efforts to restock as quickly as possible. The grocer, owned by Amazon, has a distribution agreement with United Natural Foods extending until May 2032.
In addition, Victoria’s Secret detected a security breach last month, resulting in the temporary shutdown of its U.S. website for nearly four days and a pause in certain in-store services. The company subsequently disclosed that its corporate systems were also impacted, causing a delay in the release of its first-quarter earnings.
In the UK, businesses such as M&S, Harrods, and Co-op have all reported impacts from recent cyberattacks. M&S faced online order processing issues and store inventory shortages after an attack around Easter weekend. The company estimated financial losses of 300 million pounds ($400 million). Progress was noted, however, as M&S announced Tuesday the resumption of some online order operations, with further restoration anticipated in the coming weeks.
Data breaches have also affected brands like Adidas, The North Face, and reportedly Cartier, compromising some customer contact information. The North Face reported managing a small credential stuffing attack in April, impacting 1,500 customers but assuring no credit card data was compromised. Adidas revealed an unauthorized party accessed contact data via a third-party service provider.
It remains uncertain whether these incidents are interconnected. According to experts like Steinhauer, attackers sometimes exploit software vulnerabilities used by multiple organizations, though different tactics suggest possible involvement from disparate groups.
While companies’ responses to cyberattacks may vary, many initially avoid detailing whether ransomware was involved. However, Steinhauer notes that today’s cybersecurity landscape shows a high likelihood of ransomware attacks, often indicated by companies taking systems offline or postponing financial statements.
Experts stress the importance of enhancing cyber defenses and preparing organizations to treat cybersecurity as a critical business risk. Ade Clewlow advises that “cyber is a business risk, and it needs to be treated that way.”