The delivery service company Yodel has suffered a “cyber incident” resulting in widespread disruption.
Customers awaiting deliveries noted that Yodel’s systems were offline last weekend.
Yodel said: “We are working to restore our operations as quickly as possible but for now, order tracking remains unavailable and parcels may arrive later than expected.”
Although it is still able to make deliveries, Yodel has advised customers to expect delays across its network. The message can no longer be found the Yodel web site.
Yodel has not revealed the type of attack. However, it is thought to be a ransomware attack.
This is consistent with the few details Yodel has given. The damage appears to be related to service disruption and not an attempt to steal personal data.
Ransomware attacks generally consist of attackers planting malicious code on the victim’s systems which cripple services and encrypt files. The attackers then demand a payment, usually in bitcoin in exchange for a decryption key. However, these keys don’t always arrive as promised.
Many businesses do pay in order to get their systems running again, most cyber security experts urge against this. There is no guarantee that the attackers will keep their word once they have been paid, and even if they do, it only solves one part of the problem. It will still take days, if not weeks, to fully restore systems, and the organisation is still required to fulfil its data breach notification requirements.
Thus far, Yodel’s response to the attack appears to have been exemplary. On its website, it wrote: “As soon as we detected the incident, we launched an investigation, led by our internal IT division and supported by a digital forensics group. “We are deploying all efforts to resolve the situation as quickly as possible and continue to work closely with authorities and law enforcement.”
The GDPR requires that data breaches are made public and Yodel has complied with this. However, the announcement on their web site has now disappeared.
So, what now?
Yodel is currently investigating whether personal information was stolen in the attack. The organisation processes customer names, addresses, email addresses and telephone numbers, but not payment card information.
Nonetheless, even a name and email address can create consequences. Cyber criminals often use information stolen in a cyber-attack to create phishing scams related to the original attack. For example, the bogus message might state that the organisation has been hacked and urge the recipient to log on to their account to check whether they were affected. Sadly, many people fall for this and this exacerbates the problem.
In a message to customers, Yodel said: “As always, Yodel encourages you to be alert to any unsolicited and unexpected communications that ask for your personal information or refer you to a web page asking for personal information. Avoid responding to, clicking on links, or downloading attachments from suspicious email addresses. If you are asked for personal information by someone purporting to be Yodel employee, please let us know immediately.”
Yodel’s response to this incident demonstrates how well the business understands the risks to its business and clearly had a plan in pace in the event of a breach . Its prompt response will ensure that it mitigates the financial damage while protecting its reputation Being a victim isn’t necessarily a sign of poor defences, but an appropriate response proves that you are doing everything you can to protect your customers.
Do you have a Breach Management Plan? How will you cope when it happens to you? And it might!
You need to be ready.
If you need help and guidance call us now, not when the breach has already happened. Of course we will help you no matter what the timing. However, it is better to prepare for a breach than trying to resolve the issue when it is too late.