Supplier to major UK supermarkets Aldi, Tesco & Sainsbury’s hit by cyber attack with hackers ‘demanding payment’
A SUPPLIER to some of Britain’s biggest supermarkets has said it is being held to ransom after being hit by a cyber attack.
The news comes just weeks after M&S was struck by a separate cyber attack.
Peter Green Chilled has said that it is issuing “regular updates” to clients while the attack continues.
The company’s clients include major supermarkets such as Tesco, Aldi and Sainsbury’s.
Now, the distributor is implementing “workarounds” to continue deliveries.
However, one of its customers has said that thousands of products are at risk of going to waste.
The company announced that it had been struck by the cyber attack via an email sent on Thursday.
Peter Green Chilled has confirmed to the BBC that the attack occurred on Wednesday evening.
Its managing director, Tom Binks, has also issued an update on the situation.
He said: “The transport activities of the business have continued unaffected throughout this incident.”
The firm is based near Shepton Mallet, Somerset, and specialises in transporting food to regional stores.
Cyber attacks like this one involve hackers encrypting a victim’s data and locking them out of their own computer systems.
Often, they will demand money to release the victim’s files and data.
However, people affected by cyber attacks are advised to not pay their hackers and instead contact the manufacturer or operator of the affected website or device.
The news comes just a month after supermarket giant M&S battled with its own cyber attack – on the Easter weekend.
Analysts from the Bank of America projected that M&S had lost £40 million every week since the incident took place.
However, the supermarket has confirmed that “availability is now in a much more normal place with stores well stocked this weekend”.
Co-op has also battled with a cyber attack, which saw attackers accessing “data relating to a significant number of our current and past members”.
The company has since said that it has taken “proactive measures” to fight off the hackers and that the incident only had a “small impact” on operations.
Timeline of the M&S cyber attack
M&S were first struck by the cyber attack over the Easter weekend.
- Saturday, April 19: Initial reports emerge on social media of problems with contactless payments and click-and-collect services at M&S stores across the UK. Customers experience difficulties collecting online purchases and returning items due to system issues.
- Monday, April 21: Problems with contactless payments and click-and-collect persist. M&S officially acknowledges the “cyber incident” in a statement to the London Stock Exchange. CEO Stuart Machin apologises for the disruption and confirms “minor, temporary changes” to store operations. M&S notifies the National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) and engages external cybersecurity experts.
- Tuesday, April 22: Disruptions continue. M&S takes further systems offline as part of “proactive management”.
- Wednesday, April 23: Despite earlier claims of customer-
- facing systems returning to normal, M&S continues to adjust operations to maintain security. Contactless payments are initially restored, but other services, including click-and-collect, remain affected.
- Thursday, April 24: Contactless payments and click-and-collect services are still unavailable. Reports surface suggesting the attackers possibly gained access to data in February.
- Friday, April 25: M&S suspends all online and app orders in the UK and Ireland for clothing and food, although customers can still browse products. This decision leads to a 5% drop in M&S’s share price.
- Monday, April 28: M&S is still unable to process online orders. Around 200 agency workers at the main distribution centre are told to stay home.
- Tuesday, April 29: Information suggests that the hacker group Scattered Spider is likely behind the attack. Shoppers spot empty shelves in selected stores.