Multiple Location Supermarket Suffers Supply Chain Attack

A cyber attack has simultaneously hit more than 300 Spar convenience stores across the north of England in an apparent supply chain attack, forcing many of them to revert to cash-only payments while others chose to close their doors to customers. The attack hit the company’s computer systems, causing a “total IT outage” that has prevented staff from taking card payments and locked them out of emails.

The attack targeted James Hall & Company in Preston, Lancashire, which operates Spar's tills and IT systems and the affected stores have been able to handle card payments. The company supplies products to around 600 Spar stores. 

The UK  National Cyber Security Centre (NCSC) and Lancashire Police are investigating. A spokesman for Sparb said: "We are aware of an issue affecting Spar stores and are working with partners to fully understand the incident... We are working to resolve this situation as quickly as possible."

This isn't the first time a supermarket chain has been brought to its knees by a cyber attack. In July hackers caused 500 Co-op stores in Sweden to close as tills and self-service machines were taken down as one of the international effects of the massive Kaseya supply chain attack. In that case, it was the Co-op supermarket's IT supplier that was hit with ransomware.

The question for James Hall is now the one all cyber attack victims dread - whether or not to to pay the  criminals to get the  shops back online?

For the hundreds of thousands of Spar customers affected by the hack the urgent question is when will their local stores open again?  It has more than 2,500 stores in the UK that employ about 40,000 people and has an annual turnover of more than £3bn. At the time of writing both the Spar and the James Hall &Co websites were inaccessible.

NCSC:     LEP:      ITPro:      ZDNet:    BBC:    Guardian:    Telegraph:     Times:    Cumbria Crack

You Might Also Read:

Why Is Retail Cyber Security So Weak?:

 

« Cyber Attacks Should Be The #1 Concern For Business Leaders
Twitter Takes-Down Thousands Of Propaganda Accounts »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Exploit Database (EDB)

Exploit Database (EDB)

The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers.

AvePoint

AvePoint

AvePoint is an established leader in enterprise-class data management, governance, and compliance software solutions.

Civica

Civica

Civica provides cloud-based managed IT services, hosting and outsourcing.

Wilson Sonsini Goodrich & Rosati (WSGR)

Wilson Sonsini Goodrich & Rosati (WSGR)

WSGR is the premier provider of legal services to technology, life sciences, and growth enterprises worldwide. Practice areas include cybersecurity and data protection.

Conceptivity +360 Cybersecurity

Conceptivity +360 Cybersecurity

Conceptivity +360 Security addresses advanced cybersecurity and supply chain security issues in policy, regulatory, legislation, standardisation, compliance and project management areas.

GraVoc

GraVoc

GraVoc is a technology-consulting firm committed to solving business problems for customers through the development, implementation, & support of technology-based solutions.

Cyber Forensic & Investigation (CFI)

Cyber Forensic & Investigation (CFI)

Cyber Forensic & Investigation (CFI) is recognized as Thailand’s leader in cyber investigations and digital forensics.

United Nations Office on Drugs & Crime (UNODC)

United Nations Office on Drugs & Crime (UNODC)

UNODC promotes long-term and sustainable capacity building in the fight against cybercrime through supporting national structures and action.

Fingent

Fingent

Fingent develops strategic software solutions for businesses across the globe in areas including Network Security, Infrastructure Security, Application Security, Risk and Compliance.

CyberSN

CyberSN

CyberSN is your essential partner in cybersecurity workforce risk management offering solutions that empower leaders to diversify, acquire, retain, and develop their cybersecurity teams.

Keeper Security

Keeper Security

Keeper is a leading enterprise password manager and cybersecurity platform for preventing password-related data breaches and cyberthreats.

RegScale

RegScale

RegScale helps organizations comply in real-time with multiple compliance requirements (NIST, CMMC, ISO, SOX, etc), scalable to meet the needs of the entire enterprise.

Quatrro Business Support Services (QBSS)

Quatrro Business Support Services (QBSS)

QBSS is a tech-enabled outsourcing firm that’s changing the way companies think about finance, accounting, human resources and technology services.

Evo Security

Evo Security

Evo Security is an Identity and Access Management company focused exclusively on serving MSPs, MSSPs and their SMB and Mid-Market customers.

Relatech

Relatech

Relatech is a Digital Enabler Solution Knowledge (D.E.S.K.) Company that offers digital services and solutions dedicated to the digital transformation of businesses.

STACK Cybersecurity

STACK Cybersecurity

STACK Cybersecurity serves as a strategic partner, guiding you through the intricate and dynamic cybersecurity landscape.