- The Japanese retailer Muji has been hit by ransomware attacks
- The attack was aimed at its logistics partner Askul
- This follows a series of third-party breaches affecting retailers and manufacturers
Muji has been forced to halt a large part of its operations after its delivery partner, Askul, was hit by a ransomware attack.
The Japanese clothing and home goods retailer confirmed that the incident has affected browsing, online purchases, order history through the Munji app and the viewing of web content.
If customer data has been compromised, especially personally identifiable information such as names, addresses, email addresses or even financial data – this can put customers at risk of identity theft as criminals can use their information to take out credit cards or loans.
Operating disturbances
“The ASKUL website is currently experiencing a system outage due to a ransomware infection, halting order acceptance and shipping operations,” confirmed Askul’s statement (translated via Google Translate).
“We are currently investigating the extent of the impact, including the leak of personal information and customer data, and will notify you as soon as it is clear,” Askul added.
Askul only provides e-commerce logistics to the Japanese division of Muji, so stores in other parts of the world appear to remain unaffected.
The series of vendor attacks brings to light the vulnerabilities of third-party vendors.
The incident is the latest in a seemingly endless string of ransomware attacks to hit high street stores and retailers.
Most recently, the Japanese beer giant Asahi and the car manufacturer Jaguar Land Rover had to stop production lines after serious cyber attacks.
These third-party breaches should serve as a wake-up call for modern cyber security teams and emphasize the need for vigilance, accountability and transparency.
The increased reliance on external vendors drastically increases the attack surface that malicious actors can target. Large retailers may have the budget and manpower to strengthen their cyber defenses – but smaller software, logistics or manufacturing companies may not have the same resources or protection.
The best protection against identity theft for all budgets
