Yodel delivery service disrupted by cyber incident

Delivery service company Yodel has been hit by a suspected ransomware attack, leading to delays in parcel distribution and customers losing the ability to track orders online.

Yodel has not published any details of the attack itself, but confirmed there was an incident through an FAQ on its website.

“As soon as we detected the incident, we launched an investigation, led by our internal IT division and supported by a digital forensics group,” it said. “We are deploying all efforts to resolve the situation as quickly as possible and continue to work closely with authorities and law enforcement.”

It added that, while deliveries are continuing, there may be delays across its network, but that its parcel-tracking service “remains temporarily unavailable”.

It further warned customers to contact Yodel immediately in the event that someone purporting to be a Yodel employee asks for their personal information: “As always, Yodel encourages you to be alert to any unsolicited and unexpected communications that ask for your personal information or refer you to a webpage asking for personal information. Avoid responding to, clicking on links, or downloading attachments from suspicious email addresses.”

Yodel claimed that no customer payment information had been affected because it does not hold or process this data.

According to Bleeping Computer, customers awaiting package delivery noted that Yodel’s systems went down sometime over the weekend (18 or 19 June 2022) and that they have not been able to receive information since then.

According to Andy Kays, CEO at Socura, a company specialising in threat detection and incident response, the incident response is on track, and the incident has the hallmarks of a ransomware attack.

“So far, Yodel has confirmed it has been the victim of a cyber incident in a message to customers and an FAQ on its site. We see a lot of companies mismanage the response process in the event of a cyber incident, especially how and when they communicate the news to customers. Yodel has not hesitated,” he said.

“It may not have been in a position to hold back the news, with deliveries being disrupted and delays occurring already. Fortunately, from the outside, it appears as though Yodel is doing everything by the book. It has alerted customers and authorities quickly and is being as transparent as possible. Its digital forensics team continue to investigate the cause and impact of the incident, but it bears all the hallmarks of being a yet another hugely disruptive ransomware incident.”

Others in the infosec community, including Kevin Beaumont, have also suggested the incident was a ransomware attack.

In response to Computer Weekly’s request for further information on the nature of the attack, a Yodel spokesperson said the company has “made significant progress in restoring a number of essential IT functions following the cyber incident”.

“Tracking services for clients and customers are once again ‘live’ and this will support the recovery of our regular operations and allow the business to begin to urgently tackle any delayed deliveries. We continue to monitor the tracking systems and expect to see further improvements as we return to normal,” the spokesperson added.

“This remains a complex situation, but rest assured all of Yodel’s management and people continue to work with clients and customers to meet their expectations and standards. Yodel is sincerely sorry for any disruption and inconvenience that may have been caused to clients and customers alike.”