Shoe retailers and brands selling online need to know that retail remains a key focus of cyber attacks and hackers.
Japanese retailer Muji, which includes apparel and footwear in its assortment mix, took its online operations offline following a malware attack on Askul Corp. over the weekend. Askul services the order acceptance and shipping processes for Muji and other retailers such as Japanese lifestyle specialty chain The Loft Co. The sites are still down as Askul continues with efforts to resolve the ransomware attack.
That wasn’t the only outage this week. On Monday, Amazon’s own Amazon Web Services (AWS) had an issue that resulted in major online disruptions as AWS is the world’s largest cloud provider. The outage was connected to a misfiring of its domain name system (DNS). It doesn’t appear to be either a hack or other cyber attack, but more an in-house technical issue involving the recognition of website domain names and their respective IP addresses. Social media apps such as Snapchat and Reddit were out of service, as were the platforms of many banks and financial services, airlines and some retail sites that include Verizon, Starbucks and delivery services such as DoorDash and Grubhub. Even Amazon’s own e-commerce platform was down. By late Monday, most services were back in operation.
In the shoe world this year, Adidas said in May that a cyber attack targeted consumers’ personal information. It also emphasized that financial data such as credit card and other payment-related information as well as passwords were “safe” from the breach. The German sportswear brand explained that an “unauthorized external party obtained certain consumer data through a third-party customer service provider.”
One month later, The North Face said it suffered a cyber attack that relied on “credential stuffing” in an attempt to gain access to customer log-in accounts. The outdoor brand said credit card data remained safe because that information is not stored on its site. It did warn customers not to recycle log-in information on its customer accounts. Credential stuffing attacks can occur when individuals use the same authentication credentials on multiple sites. That’s why North Face parent VF Corp. encouraged its customers to “use a unique password” on its website.
The cyber attacks aren’t limited to just U.S. websites. Fashion firms overseas also saw their share of online security incidents. This past May, Harrods, Marks & Spencer and the Co-op Group in the U.K. all saw hackers targeting their online operations. And in May, Dior also confirmed that it too was impacted by a data breach involving its Chinese customer base.
Data breaches have been around for years. In 2013, American mass discounter Target Corp. suffered a breach that compromised 40 million credit card and debit card records, as well as 70 million customer records, when hackers gained access to the point-of-sale systems of one of the discounter’s vendors during the holiday season. It was also one of the costliest breaches as the mass discounter calculated the total cost of the breach at $202 million, which also resulted in lost sales as wary customers elected to shop elsewhere.
And with both the holiday-shopping season fast approaching and the latest ransomware attack on Muji’s logistics and delivery servicer Askul, some IT experts are warning all to be even more vigilant.
“This is another prime example of how far-reaching the consequences of a ransomware attack can be and highlights why sectors like retail and manufacturing remain a key focus for hackers,” Comparitech’s head of data research Rebecca Moody said. “While we don’t yet know which gang is responsible for the attack on Askul, you can bet your bottom dollar we’ll find out soon if ransom negotiations fail. It’s also likely that the hackers will have stolen data in the process of their attack, and with the size of Askul and the number of companies it deals with, this could be significant.”
“This is a different form of supply chain attack — the company is affected because a core service provider was compromised, rather than its own IT systems,” noted Martin Jartelius, AI product director at Outpost 24. He added that Muji was taking the right preventative actions and already has contingency and communication plans in motion. Jartelius also added that the “best way to fight ransomware” is to be prepared, recover quickly, work around disruptions and avoid paying the groups behind them.
“The reality of interconnected ecosystems is that you can have spotless internal controls and still be taken offline by a partner’s ransomware,” Javvad Malik, lead chief information security officer advisor at KnowBe4 said. “Customers don’t care whose network was hit, they only see that the service or product they need is unavailable and that impacts trust.”
Malik emphasized the need to map critical dependencies beyond IT to logistics and fulfillment, set minimum security baselines in contracts, and practice “supplier outage” playbooks. He also advised monitoring for brand impersonation during downtime and pre-agreeing on data sharing in case rapid joint incident response is needed. “Ultimately, resilience must extend past your perimeter to the partners that support your operations,” he said.
