Spinneys suspects some customer data was compromised in last week’s cyber attack

Data stored for online delivery details may have been exposed, but no personal banking information was leaked, retailer says

Spinneys reported an online security incident last week to the Dubai Police e-crime department, which is investigating the matter. Antonie Robertson / The National
Powered by automated translation

Supermarket chain Spinneys confirmed on Friday that some customer data stored for online delivery details may have been exposed to hackers during a security incident last week.

However, the retailer said no personal banking information of customers had been compromised in the hacker attack on its internal retail servers.

“Subject to further investigation from our side, the data that might have been exposed include the name, email address, mobile number, delivery address and previous online delivery details [products, delivery time and order value] of customers who used our online shopping channels,” Spinneys said in an email to customers.

“No personal banking information was compromised as we do not store customer banking details on our servers.”

As more businesses adopt hybrid work models and undergo rapid digital transformation to cope with coronavirus challenges, they are also more exposed to cyber threats.

The attack by hackers last week was reported to the Dubai Police e-crime department, which is currently investigating the matter, Spinneys said in the email.

“Our team is working to assess the source and extent of the security breach. During our investigation, we found that the server that supports our order picking and delivery system was targeted,” the retailer said.

“At this stage, we do not believe that you need to take any specific action in relation to this incident, however, we highly advise that you always remain vigilant against cyber criminals. We recommend following the advice and guidance prepared by the Dubai Financial Services Authority to protect yourself from online scams.”

The retailer is conducting a thorough review of the potentially affected records and said it will notify customers if there are any significant developments, the email said.

“We are implementing additional security measures to control and prevent the recurrence of such attempts,” Spinneys added.

Cyber criminals are expected to attack a business, consumer or device every two seconds by 2031, New York-based research company Cybersecurity Ventures has said.

Ransomware damages cost the world about $20 billion in 2021, 57 times more than $325 million in 2015, it said.

No personal banking information was compromised as we do not store customer banking details on our servers

The company predicts ransomware will cost its victims about $265bn by 2031.

The retail sector faces several challenges, ranging from supply chain to security, said Emad Fahmy, systems engineering manager for the Middle East at Netscout, an advanced network detection and response platform.

"A key threat is DDoS [distributed denial-of-service] attacks, which can lead to costly downtime and lasting reputational damage. DDoS is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of internet traffic," Mr Fahmy said.

Updated: July 22, 2022, 2:39 PM