Avon’s UK website offline a week after suffering cyber attack

Avon has been forced to shut down its UK website in the wake of a cyber attack on 8 June.

The organisation has revealed few details about the hack other than the fact that it “interrupted some systems and partially affected operations”.

Avon’s Argentinian, Brazilian, Polish and Romanian websites have also been affected.

The incident was identified after Avon distributors said they were having trouble accessing the organisation’s back end, where they file new product orders.

As of the time of writing, avon.uk.com is still offline.

Avon's UK website displays a message saying content is currently unavailable

Avon says its website will be “back soon” more than a week after it suffered a cyber attack.

What caused it?

Avon declined to provide specifics about the breach to distributors, the press or in either of its disclosures to the US SEC (Securities and Exchange Commission).

One report claimed that it was a ransomware attack carried out by the DoppelPaymer gang.

However, they are one of several ransomware gangs that have a website listing of organisations that they’ve compromised, and Avon is not currently on their list.

That said, ransomware remains the most likely explanation, given the nature of the disruption and Avon’s hesitance to provide details.

There is a huge stigma associated with paying ransoms, with experts saying that it fuels the cyber crime industry and could lead to future attacks.

It therefore makes sense that organisations wouldn’t want to disclose when they’ve been infected, as it creates a host of new problems.

Whether it was ransomware or not, there is some good news for Avon and its customers. Its second SEC filing reported that it was adamant that no financial data was involved, “as its main ecommerce website does not store that information”.

If that’s the case, the risks associated with the breach will be limited. Individuals will still have to be wary of phishing emails and other scams – particularly if password information has been compromised – but there is a less immediate threat of fraud.

All the latest cyber security news and advice

Do you want the latest advice on how to manage your cyber security risks? IT Governance regularly publishes webinars and green papers, providing free advice delivered by experts.

You might also want to sign up for our Weekly Round-up, which contains the latest cyber security news, advice and resources, as well as some of the best stories from around the web.

Subscribe to our Weekly Round-up

2 Comments

  1. Huet Bartels 19th June 2020
  2. Lesley Hudson 20th June 2020