Staples confirms cyberattack behind service outages, delivery issues

Staples confirms cyberattack behind service outages, delivery issues

November 30, 2023 at 12:26PM

After a cyberattack, Staples shut down systems to contain the breach and protect customer data, disrupting backend operations and delivery. Though stores remain open, online order processing is delayed. Staples is restoring systems and expects a return to normal operations soon without ransomware or file encryption.

Takeaways from Meeting Notes:

1. Cyberattack on Staples:
– Staples experienced a cyberattack earlier this week prompting them to temporarily take down certain systems to contain the breach and safeguard customer information.

2. Staples Business Information:
– The company operates 994 stores in the US and Canada, as well as 40 fulfillment centers.

3. Reported Technical Problems:
– Multiple Reddit reports indicated issues such as the inability to access Zendesk, employee VPN portals, email printing, phone lines, and more.
– Unconfirmed reports suggested Staples instructed employees to avoid using Microsoft 365 SSO, and call center workers were sent home for two days.

4. Company’s Response:
– Staples confirmed facing a “cybersecurity risk” and took protective actions to contain the incident, according to BleepingComputer.
– The response measures interfered with business operations, especially backend processing, product delivery, and customer communications.

5. Current Status of Operations:
– Physical stores are open and running.
– Staples.com may have delayed processing of orders due to impacted systems.
– The company is in the process of restoring systems and expects to return to normal functionality soon but anticipates short-term delays.

6. Company Communications:
– Staples has acknowledged the outage on its website and is assuring a swift restoration of services.

7. Nature of the Cyberattack:
– BleepingComputer reported no ransomware deployment nor file encryption occurred.
– Staples’ rapid response might have prevented the attack from reaching its final stages, potentially avoiding a more devastating outcome.

8. Historical Context of Cybersecurity Incidents:
– Staples-owned distributor Essendant experienced a multi-day outage affecting online orders in March 2023.
– In September 2020, Staples suffered a data breach due to an exploited vulnerability on an unpatched VPN endpoint.

Full Article