British delivery and logistics firm Yodel has been the victim of a cyber attack.
Services to customers have been affected and the online delivery tracking system has been down. The customer service helpline is also under maintenance”.
Industry observers say Hertfordshire-based Yodel could have been have been targeted by ransomware and advised transparency with customers.
Details of the attack are scant, including whether customer details have been compromised, but Yodel has confirmed it is a cyber attack.
It is not known when the hack happened or how long the response will last, although the delivery giant has assured its customers that it is “working around the clock” to resolve the issue.
The news of the attack leaked when the company privately messaged eBay sellers in a confidential message.
Yodel, which is now working with national AND governmental agencies, said in a statement: “Yodel has experienced a cyber incident that has caused some disruption. Yodel in a statement given to IT Pro. We are servicing customers but tracking is currently impacted.
“As soon as we detected the incident, we launched an investigation, led by our internal IT division and supported by an external IT forensics group. We are working to restore tracking as quickly as we can and have engaged with all relevant authorities.
“Yodel would like to sincerely apologise to their clients and their customers for any disruption this incident may have caused, and reassure them that the team are working around the clock to resolve this incident.”
Yodel has informed and is dealing with the Information Commissioner’s Office (ICO), National Crime Agency (NCA), and the National Cyber Security Centre (NCSC).
The delivery company, which has its headquarters at Hatfield, has also taken the step on hiring a team of outside digital forensics experts, according to reports.
There have been complaints about a lack of transparency on social media from customers having trouble tracking items.
Martin Riley, Director of Managed Security Services at cyber firm Bridewell, told Security Journal UK: “It definitely appears to be a cyber incident rather than an outage due to the behaviour in handling the incident.
“If an outage had occurred, Yodel would have a disaster recovery plan in place and be able to provide details on what the problem is and when services can be expected to resume.
“The fact that they have declared it a cyber incident, engaged forensics, and are yet to provide further update suggests it’s serious.
“If it is a ransomware attack then Yodel are now likely to be at the mercy of the attackers and the effectiveness of their incident response plan.
“Or, in the negotiation stage over paying the ransom. That’s of course if they have a plan – our research shows that 62% don’t have a decision-maker plan over whether to pay a ransom or not.
“The important thing is that Yodel keeps customers updated moving forward. The worst thing companies can do in a situation like this is to go quiet. Honestly and transparency is key to maintaining customer trust and loyalty.”
Speaking to Computer Weekly Andy Kays, CEO at Socura, a company specialising in threat detection and incident response, said: “So far, Yodel has confirmed it has been the victim of a cyber incident in a message to customers and an FAQ on its site. We see a lot of companies mismanage the response process in the event of a cyber incident, especially how and when they communicate the news to customers. Yodel has not hesitated,” he said.
“It may not have been in a position to hold back the news, with deliveries being disrupted and delays occurring already.
“Fortunately, from the outside, it appears as though Yodel is doing everything by the book. It has alerted customers and authorities quickly and is being as transparent as possible. Its digital forensics team continue to investigate the cause and impact of the incident, but it bears all the hallmarks of being a yet another hugely disruptive ransomware incident.”