Discount retailer The Works hit by cyber attack

Discount retailer The Works has been forced to shutter five of its 500-plus stores amid a still-unfolding cyber attack that has disrupted point-of-sale (PoS) systems and other elements of its trading and business operations.

The Works, which specialises in art and craft supplies, stationery, books and toys, confirmed on 5 April that it had been subject to a cyber security incident in which an unknown actor gained unauthorised access to its systems.

A spokesperson said: “There has been some limited disruption to trading and business operations, including the closure of some stores due to till issues. Replenishment deliveries to the group’s stores were suspended temporarily and the normal delivery window for the fulfilment of online orders was extended, but store deliveries are expected to resume imminently and the normal online service levels are progressively being reintroduced.

“Customers can continue to shop safely at The Works, both in store and online. All debit and credit card payment data is processed securely outside the group’s systems, via accredited third-party networks and, therefore, there is no risk that this payment data has been accessed improperly.”

The Works said it was first alerted to the incident through its existing cyber security systems last week. As a precaution, it disabled all internal and external access to its systems and engaged forensic investigators to look into the incident.

It said that while it was certain payment data was safe, it had not yet established whether any other data assets have been affected, and as a result it has notified the incident to the Information Commissioner’s Office (ICO).

Although the attack bears the hallmarks of a ransomware heist, and is already being described in some quarters as a ransomware incident, it is important to note that no evidence has yet been made public to make a confident assessment that this is the case.

Indeed, Computer Weekly understands The Works has received no communication from its attackers, or ransom demand.

Trevor Dearing, Illumio director of critical infrastructure solutions, praised The Works for responding proactively and appropriately to the incident, although, he added, clearly the damage has already been done.

“The news of another cyber attack is unsurprising,” he said. “However, what might seem interesting in this case is the choice by cyber criminals to target The Works – a cut-price seller of books, crafts and toys – as opposed to the more ‘obvious’ target of banks and other high-profile organisations.

“Inconspicuous organisations like The Works will likely have smaller budgets dedicated to security when compared to larger organisations, and threat actors recognise that this allows them to breach systems more easily in their quest to acquire customer data and cause disruption, such as the store closures, the delayed resupply of stock, and online order delivery issues.”

Last week, a UK government report revealed that about one in three UK businesses experience a cyber attack on a weekly basis, with the vast majority starting with a simple phishing email. The average cost of an attack, spread out across all organisations, is set at £4,200, or £19,400 if only medium and large businesses are considered, although there is probably a vast amount of under-reporting, so the true figures are certainly higher.