The Works
(Wikipedia - CC BY-SA 4.0)

UK retail chain The Works announced it was forced to shut down several stores due to till issues caused by a cyber-security incident involving unauthorized access to its computer systems.

The discount retailer operates 530 stores in the United Kingdom and Ireland, selling books, toys, stationery, art, and craft materials, and has an annual revenue of about $300 million.

The announcement doesn't go into many details about the nature of the incident, but it appears to have interrupted replenishment deliveries, extended online order fulfillment times, and compromised the safety of payments.

Emergency measures

The Works has since switched to new third-party credit and debit card payment processors to address this last problem, which the company claims are safe.

"Customers can continue to shop safely at The Works, both in (physical) stores and online," mentions the firm's notice of the cyber security incident

"All debit and credit card payment data are processed securely outside the Group's systems, via accredited third-party networks and, therefore, there is no risk that this payment data has been accessed improperly."

The company also underlines that the network intruders do not seem to have accessed client payment data based on initial investigations of the attack.

However, the scenario of compromised customer information cannot be ruled out yet, so the Information Commissioner's Office has also been alerted about the incident.

The Works has taken a few emergency measures to deal with the cyberattack, such as disabling all internal and external access to IT systems and passing email communications to external providers.

The company has also appointed a team of forensics cyber security experts to investigate the impact of the incident and help with recovery.

Bleeping Computer has emailed The Works to learn more about the cyber attack, but we have not received a response yet.

In December 2021, a cyberattack against the IT systems of a SPAR distributor in the UK caused a similar result, forcing 330 stores in the country to close or switch to cash-only payments.

Card payment processing systems appear to be the first thing affected in these cyberattacks, primarily due to the overall compromise in IT system security.

Still, according to The Works, the ongoing situation is "unlikely to have a material adverse impact on its forecasts or financial position." That is to say, the business disruption will be minimal.

Related Articles:

Retail chain Hot Topic hit by new credential stuffing attacks

UK bakery Greggs is latest victim of recent POS system outages

What the Latest Ransomware Attacks Teach About Defending Networks

US govt probes if ransomware gang stole Change Healthcare data

US govt shares cyberattack defense tips for water utilities