The Works, a UK toy, book, and stationery seller, has had to shut several stores and temporarily halt replenishment supplies due to a cyber-attack. According to a recent statement, “unauthorised access to its computer systems” caused “limited disruption to trading and business operations.”
The Works, a seller of discounted crafts, toys, arts, books, and stationery online and via 527 physical stores, has stretched the delivery window for online purchases following the delays in replenishment supplies. The retailer said that “store deliveries are expected to resume imminently and the normal online service levels are progressively being reintroduced.”
According to the firm, customers “can continue to shop safely at The Works, both in store and online” because credit card data is processed by third-party networks and so is not a danger. The Works revealed that it had to close certain outlets due to cash register issues.
According to Avishai Avivi, CISO of US-Israeli cybersecurity firm SafeBreach, these point-of-sale (POS) systems might have been a vector for attack, similar to the 2013 Target hack through its ventilation, heating, and air conditioning system. The Works stated it had stopped all internal and external access to its systems, including email, after being notified about the breach by its security firewall.
The retailer had not yet determined the full degree to which any additional data had been impacted. Therefore, it has notified the Information Commissioner’s Office. Avivi said it is evident from the facts supplied that The Works does segregate its networks to prevent attackers from moving laterally from the network linking POS systems to other networks, including those for payment processing.
He also commended the retailer for putting what seemed to be a well-organized and well-tested incident response strategy. The Works stated that it does not expect the event to impact its financial predictions or position negatively. After being approached, The Works declined to comment more.