A cyber-attack has forced UK toy, book, and stationery retailer The Works to close a number of stores and temporarily suspend replenishment deliveries.
According to a statement issued yesterday (April 5), “unauthorised access to its computer systems” caused “limited disruption to trading and business operations”.
The Works, which sells cut-price arts, crafts, toys, books, and stationery online and through 527 physical stores, has extended the delivery window for online orders after the disruption to replenishment deliveries.
The retailer said “store deliveries are expected to resume imminently and the normal online service levels are progressively being reintroduced”.
Customers have been assured that they “can continue to shop safely at The Works, both in store and online”, with payment card data processed by third-party networks and therefore not at risk, said the company.
Point of assail?
The Works said it closed some stores due to problems with cash registers.
Avishai Avivi, CISO at US-Israeli cybersecurity company SafeBreach, speculated that these point-of-sale (POS) systems may have been a vector for compromise, likening this scenario to the 2013 hack of US retail giant Target via its heating, ventilation, and air conditioning system.
The Works said it had “disabled all internal and external access to its systems, including email”, after being alerted to the incident by its security firewall.
With forensic investigations ongoing, it had also “made some immediate protective changes to further strengthen its security position”.
The retailer had yet to “establish the full extent to which any other data may have been affected”, it continued, and had therefore informed the Information Commissioner’s Office.
Avivi said: “From the details provided, it is clear that The Works does segment their networks in a way that helps prevent attackers to move laterally” from the network connecting POS systems to other networks, including the network for payment processing.
He also praised the retailer for implementing what seemed to be “a well organised and tested incident response plan”.
The Works said it does not anticipate that the “incident will have a material adverse impact on its forecasts or financial position”.
The Works declined to comment further after being contacted by The Daily Swig.
Source: https://portswigger.net/daily-swig/uk-retailer-the-works-blames-store-closures-on-pos-problems-following-cyber-attack
