SPAR gives important customer update about 'ransomware attack' as it wrestles back control from hackers

Watch more of our videos on ShotsTV.com 
and on Freeview 262 or Freely 565
Visit Shots! now
SPAR has provided an important update for customers across Lancashire and Northern England, as the retailer wrestles back control of its IT system after a major cyber attack at the weekend.

Hackers brought down the retailer's IT system for the North of England on Sunday (December 5), affecting around 300 stores, including 25 in Lancashire.

It has led to widespread disruption across the chain of shops, with all branches losing access to tills, credit card readers and back office systems, and some stores having to shut completely.

Hide Ad
Hide Ad

For the past four days, most of the affected SPAR shops have remained open but have operated as cash-only, with some stores only selling essentials such as bread and milk.

Since the cyber attack on Sunday (December 5), most of the affected SPAR shops have remained open but have operated as cash-only, with some stores only selling essentials such as bread and milkSince the cyber attack on Sunday (December 5), most of the affected SPAR shops have remained open but have operated as cash-only, with some stores only selling essentials such as bread and milk
Since the cyber attack on Sunday (December 5), most of the affected SPAR shops have remained open but have operated as cash-only, with some stores only selling essentials such as bread and milk

But today (Thursday, December 9), its Preston-based distributors, James Hall & Co, said the firm has started to wrestle back control of its IT network from hackers.

It has now confirmed that it is dealing with a 'ransomware attack', meaning hackers have taken control of the IT system and are likely to have demanded payment in cryptocurrency (such as Bitcoin) in exchange for 'unlocking' the SPAR system.

James Hall & Co has not said whether any ransom has been paid, but says it has been working with cyber security specialists to take back control of its system.

Hide Ad
Hide Ad

Lancashire Police and the National Cyber Security Centre (NCSC, run by Government intelligence agency GCHQ) are also investigating, but both have declined to comment further on the cyber attack.

SPAR staff at the Penwortham store have been working hard to keep their shops running without the use of tills, card payments and back office systems. It was back to pen and paper!SPAR staff at the Penwortham store have been working hard to keep their shops running without the use of tills, card payments and back office systems. It was back to pen and paper!
SPAR staff at the Penwortham store have been working hard to keep their shops running without the use of tills, card payments and back office systems. It was back to pen and paper!

On the website of Britain's cyber security force, the agency says "it does not encourage, endorse, nor condone the payment of ransom demands", which often fund organised crime groups outside the UK.

You can find more information on ransomware attacks on its website here.

James Hall & Co said cyber security experts have been "working round the clock" to restore its IT system and some progress has been made.

Hide Ad
Hide Ad

The Lancashire distributor said it is now in a position to "start bringing affected stores back online", but did not say exactly when shops should be fully operational again.

The cyber attack led to widespread disruption across SPAR's chain of shops in Lancashire, with all branches losing access to tills, credit card readers and back office systemsThe cyber attack led to widespread disruption across SPAR's chain of shops in Lancashire, with all branches losing access to tills, credit card readers and back office systems
The cyber attack led to widespread disruption across SPAR's chain of shops in Lancashire, with all branches losing access to tills, credit card readers and back office systems

The firm has also offered some reassurance to customers concerned that their bank details might have been compromised by the cyber attack.

Asked whether customers' personal details had been accessed by hackers, it said "we have no reason to believe that James Hall & Co, SPAR or any of our customers were specifically targeted by this incident."

Full statement from SPAR distributor James Hall & Co

A spokesman for James Hall & Co said: "On Sunday (December 5) we identified a ransomware attack which affected a number of our SPAR stores across the north of England.

Hide Ad
Hide Ad

"We know how important local stores are to our communities and would like to apologise to our customers for any inconvenience.

"We immediately took the affected part of our system offline and began investigating alongside external cyber security specialists.

"On a precautionary basis we also took the rest of the James Hall & Co network down while we looked into the issue.

"As a result of these prompt and decisive steps, we are now able to start bringing our affected stores back online.

Hide Ad
Hide Ad

"This is our absolute priority and the team will be working round the clock to make as much progress as possible.

"It is vital that we do this safely and securely so we would like to thank customers for their patience and understanding while we complete this process over the coming days.

"It is important to note that we have no reason to believe that James Hall & Co, SPAR or any of our customers were specifically targeted by this incident and we are continuing to liaise closely with our stores, suppliers and the relevant authorities."

Related topics:

Comment Guidelines

National World encourages reader discussion on our stories. User feedback, insights and back-and-forth exchanges add a rich layer of context to reporting. Please review our Community Guidelines before commenting.

News you can trust since 1886
Follow us
©National World Publishing Ltd. All rights reserved.Cookie SettingsTerms and ConditionsPrivacy notice