Yodel parcel delivery service experienced a cyber incident that caused delays and disrupted distribution and online order tracking.
Customers on social media complained that they had not received their packages for nearly a week and could not reach customer services.
The Liverpool, UK-based company delivers millions of parcels weekly from more than 50 locations and has more than 7,000 employees.
Yodel cyber incident to cause further delays
The company warned its customers that their deliveries might arrive later than expected, but was working hard to resolve the situation.
“Yodel would like to sincerely apologise to their clients and their customers for any disruption this incident may have caused, and reassure them that the team are working around the clock to resolve this incident” – Yodel’s spokesperson said.
Consequently, some Aldo, Argos, ASOS, M&S, Very, and Tu customers might wait longer for their goods to arrive.
However, the delivery service assured its clients that it was working with external forensics experts to restore online order tracking and had reported the cyber incident to authorities.
“As soon as we detected the incident, we launched an investigation, led by our internal IT division and supported by an external IT forensics group. We are working to restore tracking as quickly as we can and have engaged with all relevant authorities,” the company said.
Meanwhile, Yodel warned its customers to avoid sharing personal details with strangers purporting to be Yodel staff and avoid clicking on suspicious links.
“As always, Yodel encourages you to be alert to any unsolicited and unexpected communications that ask for your personal information or refer you to a web page asking for personal information,” Yodel said, further advising its customers to “avoid responding to, clicking on links, or downloading attachments from suspicious email addresses.”
Fake delivery scams involve fraudsters alerting victims that their delivery service could not deliver their package. The scammers request advance payments or additional information to facilitate delivery.
The UK delivery service assured its customers no personal information was accessed during the cyber incident because it does not hold or process such data.
Another cyber attack targeting the supply chain
The Yodel cyber incident follows similar attacks targeting the supply chain grappling with the impacts of the pandemic and the Russian invasion of Ukraine.
In February, a cyber attack on the global logistics company Expeditors International of Washington disrupted deliveries for nearly a month. Expeditors International said the effects of the cyber incident that cost the company $60 million are still perceptible to date.
Still, in February, Swissport disclosed a ransomware attack that disrupted its operations, two months after Hellmann Worldwide disconnected its systems after detecting cyber intrusions.
“A cyber-attack on a delivery service provider, the backbone of commerce in 2022, will have far-reaching impacts,” Oliver Pinson-Roxburgh, CEO at Defense.com, said. “The likely significant disruption of deliveries could be one potential motivation for the attack.”
Yodel delivery service cyber incident was a suspected ransomware attack
Yodel delivery service has not disclosed the nature of the incident but experts suspect it was a ransomware attack. Cybersecurity researcher Kevin Beaumont hinted at a possible ransomware attack on Twitter.
Most ransomware attacks occur on weekends and holidays when offices are closed, giving attackers enough time to encrypt data. Additionally, encryption attacks usually involve extended disruptions as victims scramble to recover data and reconstruct their systems from backups.