James Hall lorry

Source: James Hall

The Lancashire-based wholesaler was first made aware of the cyberattack on 5 December

More than 300 James Hall-supplied Spar stores have fallen victim to a cyberattack, forcing a number of them to temporarily shut their doors.

The raid on the wholesaler’s IT systems has affected stores’ ability to process card payments, meaning those that have remained opened are taking cash only. It has also affected wholesale ordering functions and its manufacturing operations.

The Lancashire-based wholesaler was first made aware of the cyberattack on 5 December. Lawrence Hunt has been one of the independent retailers hit by the outage, closing its 25-store estate. It confirmed to The Grocer last night that they remained shut. 

James Hall said it was sorry for the inconvenience caused to its customers and thanked retailers for their patience as it worked to resolve the situation as soon as possible.

Cyber security expert Digital X Raid said the hack highlighted the current vulnerability of the retail industry, and the importance of a response strategy to reduce the impact of a breach.

CEO Rick Jones said: “This attack is particularly interesting given the franchise structure of the Spar organisation. It is likely that the hacker has targeted HQ servers and moved laterally across the IT systems in each branch – from the corporate network right through to the credit data environment.

“To best protect a business from this kind of movement, organisations should avoid a flat network architecture and implement well-defined separation policies. This can be the difference between one compromised device and a whole network breach. At a minimum, organisations should be ensuring they have the right playbooks and critical incident response procedures in place to combat an attack.”