Peter Green Chilled, a temperature-controlled logistics company serving major UK supermarkets, has reportedly been hit by a ransomware attack.
The company says it services all major grocers, including Marks & Spencer (M&S), Waitrose, Sainsbury’s, Tesco, Asda, Ocado, Co-op, and Morrisons.
In an email seen by the BBC which was sent last Thursday, the business revealed it had experienced a ransomware attack.
The logistics provider also explained that while prepared Wednesday orders would be sent out as usual, no orders would be processed on Thursday.
Peter Green Chilled confirmed to the broadcaster that the attack happened on Wednesday evening but did not share any further details about the incident.
“The transport activities of the business have continued unaffected throughout this incident,” Tom Binks, the company’s managing director, told the BBC.
The business also told BBC’s Wake Up to Money that its customers are “receiving regular updates” including “workarounds” on how to continue deliveries.
National Technology News has approached Peter Green Chilled for further comment.
The ransomware attack comes after British retailers M&S, Co-op, and Harrods all faced cyber-attacks in succession, leading some experts to say that this was a coordinated attack against the UK retail sector.
The breach at M&S, thought to have been carried out by teen hacking gang Scattered Spider, has since led to weeks of chaos at the department store chain.
The company experienced major disruption to its Click & Collect service and contactless payments, which led the retailer to completely pause e-commerce orders, block remote workers from accessing internal systems, and instruct hundreds of distribution centre agency staff to stay at home.
It last week confirmed that some personal customer data was stolen during the attack.
The High Street giant disclosed that personal information taken could include names, dates of birth, telephone numbers, home addresses, household information, email addresses and online order histories.
However, the company stressed that the data does not include useable payment or card details, which it does not hold on its systems, nor any account passwords.
Co-op was also hit by a cyber incident days after M&S, with the company pre-emptively withdrawing access to some of its systems.
While initially it seemed that the impact of the incident was minimal due to the company’s precautionary actions, it later found that the hackers were able to access and extract customer data from one of its systems.
Harrods became the third victim, with the luxury department restricting access to its websites in response to the incident.
“We recently experienced attempts to gain unauthorised access to some of our systems,” the company said in a statement at the time. “Our seasoned IT security team immediately took proactive steps to keep systems safe and as a result we have restricted internet access at our sites today.”
Last week, Google’s cybersecurity team raised the alarm that the same hacking group behind recent attacks on British retailers is now targeting US stores.
The tech giant’s Threat Intelligence Group (GTIG) says “aggressive” hackers linked to the Scattered Spider collective, believed responsible for DragonForce ransomware attacks on M&S and Co-op, have shifted their focus to American retailers.
“The US retail sector is currently being targeted in ransomware and extortion operations that we suspect are linked to UNC3944, also known as Scattered Spider,” John Hultquist, chief analyst at GTIG wrote.
“The actor, which has reportedly targeted retail in the UK following a long hiatus, has a history of focusing their efforts on a single sector at a time, and we anticipate they will continue to target the sector in the near term. US retailers should take note,” Hultquist said.
The luxury sector has also been targeted, with French fashion house Dior revealing on Wednesday last week that customer data had been stolen in a cyberattack.
The LVMH subsidiary said in a statement that “an unauthorised third party accessed certain customer data,” though it insisted no financial information was compromised.
The stolen information reportedly included names, email and postal addresses, and telephone numbers of clients.
The cyber attacks have caused significant disruption to British retail operations, with M&S still struggling to fully restore its online services and supply chain management.
