UK parcel courier Yodel has suffered a cyberattack that is causing delays in the delivery of some packages and issues with tracking and other services.
The attack was first reported by cybersecurity researchers, as well as customers, who shared their private conversations with the company’s customer support agents.
Soon after, Yodel confirmed the rumors of a cyberattack on its endpoints, stating that “parcels may arrive later than expected”.
Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.
Customer data is safe
The company did not share any concrete details on the attack, so the identity and methodology of the attacker and purpose of the attack remain unclear.
However, knowing that the incident happened over the weekend and that it is yet to be fully resolved, researchers are speculating Yodel suffered a ransomware attack.
Yodel did confirm that customer payment information was not compromised, as it doesn’t store this kind of data. It also hinted that cyber-vultures started targeting Yodel’s customers with fake customer support offerings. In a blog post about the incident, the company told its customers not to fall for people pretending to be Yodel employees and asking for personal information.
“Avoid responding to, clicking on links, or downloading attachments from suspicious email addresses. If you are asked for personal information by someone purporting to be a Yodel employee, please let us know immediately,” the announcement reads.
In the meantime, as the company works on resolving the problem, parcel tracking has been reactivated.
“We're working to restore our operations as quickly as possible but for now, you can track your parcel,” a short announcement on the Yodel website states. “Deliveries may arrive later than expected, we're sorry for any inconvenience this may have caused.”
A digital forensics group was brought in to help sort the issue, but there has been no mention of the involvement of law enforcement agencies.