Retail company Tesco has apologised after an attempted hack on its system caused major disruptions over the weekend.
The company’s website systems had supposedly crashed, and users were unable to access website services. Customers were unable to order groceries, interact with their online orders or track previous deliveries.
In a statement posted on Twitter on Saturday, Tesco apologised and said they were “having issues” with their website but were working to “get things back up and running”.
Tesco eventually upgraded the website issues from minor disruption to an attempted hack and stated that the disruption was caused by someone attempting to “interfere” with its systems.
A spokesperson for the company: “Since yesterday, we’ve been experiencing disruption to our online grocery website and app.
“An attempt was made to interfere with our systems, which has caused problems with the search function on the site. We’re working hard to fully restore all services and apologise for the inconvenience.
“There is no reason to believe that this issue impacts customer data and we continue to take ongoing action to make sure all data stays safe.”
We’re still experiencing disruption with our groceries website and app.
We’re working hard to get things back to normal, and we’re really sorry for the inconvenience. pic.twitter.com/vzWmlXIV7t
— Tesco (@Tesco) October 24, 2021
The hack attempt is just the latest in a series of high-profile system attacks that have occurred over the last 18 months in the wake of the coronavirus pandemic.
Although Tesco said that there was no evidence of private data being stolen, questions remain about what systems are in place to combat cyberthreats, and whether large companies like Tesco – a firm that holds important data on millions of customers – are doing enough.
The cyberattack is supposedly one of the worst on a British supermarket to date and is estimated to have cost the company £20m a day in lost revenue.
Commenting on the attack, Dominic Trott, UK Product Manager at Orange Cyberdefense, said: “At a time when retailers are increasingly relying on online sales, this attack will no doubt have had a significant impact on operations over the past couple of days.
“While we have no detail about the cause of this incident, over the past 18 months we have seen an increase in threats against large organisations as a result of changes to the network permitter due to the adoption of flexible and remote working.”
- What are the wider implications of ransomware payments?
- Old ransomware, new tricks | Minor hackers pose threat after Ryuk attack
- Data breach costs have broken records during coronavirus pandemic
Although details around the attack remain light, even before the pandemic, research from the UK Information Commissioner’s Office (ICO) found that human error was responsible for 90% of the UK’s cyber-data breaches in 2019.
According to data analysis firm CybSafe, nine out of 10 of the 2,376 data breaches reported to the organisation last year were due to mistakes made by end-users, an increase from the previous two years, when 61% and 87% of cyber breaches respectively were put down to user mistakes.
Trott said that over the last 18 months, as people started to move home for work and shopping during the pandemic, staff have now become easy targets for attackers to circumvent security systems.
“Employees now hold far greater responsibility with regards to company security,” Trott said. “Their endpoint devices – such as company laptops or phones, or personal devices they connect to the corporate network – are all potential gateways for cybercriminals.”
He added: “The human threat to cybersecurity is a risk that should be mitigated with both technology and training. As the vast majority of human error is unintentional, implementing ongoing training and awareness building is a crucial tool.
“This should include teaching employees to recognise phishing attempts and any malicious activity that may be aimed at exploiting those that may not have security front of mind.
“By doing this, businesses can make employees their first line of defence when it comes to endpoint protection.”
Get the latest news from DIGIT direct to your inbox
Our newsletter covers the latest technology and IT news from Scotland and beyond, as well as in-depth features and exclusive interviews with leading figures and rising stars.
We will keep you up to date on the pivotal issues impacting the sector and let you know about key upcoming events to ensure that you don’t miss out on what’s going on across the Scottish tech community.
Click here to subscribe.