The delivery service company Yodel has suffered a “cyber incident” resulting in widespread disruption.
Customers awaiting deliveries noted that Yodel’s systems went offline last weekend, and that they have been unable to receive updates since then.
In an message posted on its website, Yodel said: “We are working to restore our operations as quickly as possible but for now, order tracking remains unavailable and parcels may arrive later than expected.”
Although it is still able to make deliveries, Yodel has advised customers to expect delays across its network.
What went wrong?
Yodel has not said how it was attacked, but early reports suggest that it was targeted by ransomware.
This is consistent with the few details Yodel has given. The damage appears to be primarily related to service disruption, as opposed to the exfiltration of personal data.
With ransomware, attackers plant malicious code on the victim’s systems that cripples services and encrypts files. The attackers then demand a payment – typically paid in bitcoin – for a decryption key.
Although organisations might be tempted to pay up and get their systems running again, cyber security experts urge against this. There is no guarantee that the attackers will keep their word once they have been paid, and even if they do, it only solves one part of the problem.
It will still take days, if not weeks, to fully restore systems, and the organisation is still required to fulfil its data breach notification requirements.
- Channel 4 Under Fire Over “Emergency News” Stunt to Promote Cyber Attack Drama
- Brits Express Greater Concern Over Data Privacy as Cyber Attacks Soar
- UK Organisations at Risk of Cyber Attacks After Ukraine Invasion
So far, Yodel’s response to the attack has been exemplary. On its website, it wrote: “As soon as we detected the incident, we launched an investigation, led by our internal IT division and supported by a digital forensics group.
“We are deploying all efforts to resolve the situation as quickly as possible and continue to work closely with authorities and law enforcement.”
Andy Kays, the CEO of the cyber security organisation Socura, added: “We see a lot of companies mismanage the response process in the event of a cyber incident, especially how and when they communicate the news to customers. Yodel has not hesitated.
“It may not have been in a position to hold back the news, with deliveries being disrupted and delays occurring already. Fortunately, from the outside, it appears as though Yodel is doing everything by the book.
“It has alerted customers and authorities quickly and is being as transparent as possible. Its digital forensics team continue to investigate the cause and impact of the incident, but it bears all the hallmarks of being a yet another hugely disruptive ransomware incident.”
Yodel is currently investigating whether personal information was stolen in the attack. The organisation processes customer names, addresses, email addresses and telephone numbers, but not payment card information.
Nonetheless, even a name and email address could create knock-on effects. Fraudsters often use information stolen in a cyber attack to craft phishing scams related to the initial attack.
For example, the bogus message might state that the organisation has been hacked and urge the recipient to log on to their account to check whether they were affected.
In a message to customers, Yodel said: “As always, Yodel encourages you to be alert to any unsolicited and unexpected communications that ask for your personal information or refer you to a web page asking for personal information. Avoid responding to, clicking on links, or downloading attachments from suspicious email addresses.”
It added: “If you are asked for personal information by someone purporting to be Yodel employee, please let us know immediately.”
Yodel’s response to this incident demonstrates the excellent job it has done in identifying the risks associated with cyber attacks. Its prompt response will ensure that it mitigates the financial damage while protecting its reputation.
Individuals are more aware than ever that cyber attacks can strike any organisation. Falling victim isn’t necessarily a sign of poor defences, but an effective response proves that you are doing everything in your power to protect customers.
If you’re looking for help addressing a cyber attack, IT Governance can help. Our Cyber Incident Response Service provides the help you need to deal with the threat, as our experts guide you through the recovery process.
They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.