Carpetright, a leading flooring retailer in the UK, was unable to process online or in-store orders for nearly a week due to a cyberattack.
Hackers targeted the company's head office, deploying malware to gain unauthorised access to systems.
The attack significantly impacted Carpetright's operations. Customers were unable to place orders through the company's 400 stores or website for nearly a week.
Additionally, the malware reportedly affected internal systems, with employees facing difficulties accessing payroll information.
According to Carpetright, the attack was contained before any customer or employee data was compromised. However, the incident highlights the growing threat of cyberattacks in the retail sector.
Industry analysts at leading data and analytics company GlobalData believe the cyberattack on Carpetright underscores the critical need for retailers to prioritise cybersecurity investments.
“The impact this attack has had on Carpetright’s current orders and its future reputation has come at a very inopportune time for the retailer,” said Matthew Walton, senior retail analyst at GlobalData.
“The floorcoverings market at the moment is very challenging – GlobalData forecasts that the market will contract by 2.5% in the first half of 2024. The negative impact of this attack may also encourage more shoppers to switch to other retailers including its closest rival Tapi, rather than wait for Carpetright to be able to process orders.”
Walton emphasised that cost-cutting measures shouldn't come at the expense of cybersecurity.
“Like many retailers, Carpetright has taken steps to reduce its costs recently to navigate a challenging big-ticket market and has already reportedly hired Teneo to explore possible cuts. However, this shows that whatever challenges retailers are under, they cannot afford to cut back on is cybersecurity.”
GlobalData's reference to Thales' 2022 Data Threat Report further strengthens the point. The report found that nearly half (45%) of retail respondents experienced an increase in cyberattacks, with over a third (32%) having already suffered a security breach.
The Carpetright incident serves as a stark reminder for retailers of all sizes. Robust cybersecurity measures and investments are no longer optional; they are essential for protecting business operations, customer data, and brand reputation.