Yodel experiencing service disruption following cyberattack
Company says it can't give customers a precise delivery slot
A cyberattack on Yodel is causing delays in the delivery of packages and disrupting online order tracking.
The firm acknowledged in a statement published on its website that it has suffered a service outage due to a cyber incident and that it was working to restore operations as quickly as possible.
Deliveries are still being made, it said, although there may be some network-wide delays, which means Yodel can't give customers a precise delivery slot.
The firm issued an apology, saying it was sorry "for any inconvenience this may have caused" to customers.
Yodel claims that it began an investigation as soon as it became aware of the cyber incident.
An external IT forensics team is assisting Yodel's internal IT division, which is leading the investigation.
Customers of the firm have taken to social media to vent their frustrations over Yodel's inability to address their concerns about the delivery delays they have experienced.
The firm has not published details of the incident, including when it took place or what caused it, but it implies that client payment information has not been compromised, since that information is neither kept on its systems nor processed by it.
For would-be fraudsters, the customer names, email addresses, and contact details that the majority of delivery firms store would be a valuable resource for creating follow-on phishing emails.
Kevin Beaumont, a researcher specialising in cybersecurity, said on Tuesday that there were rumours circulating that Yodel had been the victim of a ransomware attack.
It appears that Yodel first sent private messages to eBay sellers informing them of the cyberattack, saying it was "working through the nature and full impact of the cyber incident."
Yodel has reportedly contacted the National Crime Agency, the Information Commissioner's Office (ICO) and the National Cyber Security Centre (NCSC).
It is advising customers not to reply to unsolicited emails that seek personal information or that redirect to web pages requiring such data in order to proceed. "Avoid responding to, clicking on links, or downloading attachments from suspicious email addresses," it said.
Yodel is the latest among the companies that have fallen prey to a cyberattack in recent months.
The incident serves as a reminder of the need for both strong defences and a strong recovery plan, commented Neil Jones, director of cybersecurity evangelism at Egnyte.
"The latest cyberattack on Yodel demonstrates that all organisations need to make cybersecurity a boardroom priority, if they haven't done so already. For years, cybercriminals have attacked targets for financial gain, but now we're seeing an alarming pattern of debilitating attacks on our food, critical infrastructure, and rapid delivery supply chains."
Ransomware has been cited as a critical danger to UK companies by NCSC CEO Lindy Cameron on many occasions.
The number of ransomware incidents reported to the ICO in the first half of 2021 doubled compared to such incidents reported in the first half of 2020, British cybersecurity and data analytics firm CybSafe said in a report last year.
Phishing was found to be the primary vector for all cyber breaches reported in the first half of 2021, accounting for 40 per cent of all cyber incidents, compared to 44 per cent a year ago.
The UK government's new Cyber Security Breaches Survey 2022, released in March, revealed that two in five UK businesses and one in three charities detected at least one cyberattack on their operations in the last 12 months. Thirty-nine per cent of organisations and 30% of charities said they were attacked in the last year. Almost one in three of those organisations (31%) and one in four of the charities (26%) said they faced breaches or attacks at least once a week.