Key insights
Cybersecurity breaches have become a common occurrence in today’s retail world. Maintaining a robust security posture is essential.
Retailers handle sensitive customer data, making them prime targets for cyberattacks.
Compliance with PCI-DSS standards is essential for protecting cardholder data and avoiding fines and penalties.
Developing and implementing strong incident response plans can help sustain operational resilience in the face of cyber threats.
In an increasingly digital ecosystem, grocers and retailers rely heavily on technology, automation, and third-party vendors to run their business and serve their customers. This reliance increases the importance of managing cybersecurity risks.
This past holiday season, we saw examples of retailers being hit by cyberattacks during a traditionally inopportune time of year.
Explore real-world examples of recent cyber breaches, their impact on operations, and measures you can use to help improve cybersecurity. Understanding these key points can help your organization recognize potential threats, implement effective strategies to safeguard your data, and enhance the resilience of your operations.
Ahold Delhaize USA cybersecurity incident
Ahold Delhaize USA — a large retailer operating several grocery chains in the United States — experienced a cybersecurity issue impacting operations. A press release from Ahold Delhaize stated the company detected the issue in November and took systems offline to help protect them.
This has impacted “USA brands and services including a number of pharmacies and certain e-commerce operations.” The incident has impacted shipments of goods to grocery chains, as well as the ability to fill prescriptions.
One of the impacted grocery chains, Hannaford, released a statement on its website stating, “Because an investigation is ongoing, we’re not able to share additional details at this time.” No details related to the type of cybersecurity incident or its full impact have been disclosed.
Blue Yonder cybersecurity incident
In November, Blue Yonder — a large supply chain management company — experienced a ransomware attack impacting its managed services hosted environment. This had a trickle-down effect on customers such as Starbucks and several U.K.-based supermarkets. According to The Wall Street Journal, the system outage affected Starbucks’ ability to pay baristas and manage their schedules.
Blue Yonder released an update on its website stating that by mid-December most impacted customers had their services restored and the company was in the process of implementing new security measures to mitigate this type of threat.
Why cybersecurity risk management matters
Protecting sensitive data
Retailers handle sensitive information, including personal and financial data. It is common for retailers to have loyalty programs that collect data on their customers. This data can help companies be more efficient and drive growth, but it can also make them prime targets for cyberattacks.
Threat actors monetize cyberattacks in various ways, such as selling stolen data or locking up systems to disrupt operations.
To help protect sensitive data, implement robust cybersecurity measures such as regular security audits, employee training on data protection, and the use of advanced encryption technologies.
Complying with contractual requirements
Companies that store, process, or transmit credit/debit card data are subject to the Payment Card Industry Data Security Standard (PCI-DSS). A data breach involving an organization’s card data can lead to fines or penalties.
Retailers that outsource payment processing and use PCI-approved point-to-point encryption (P2PE) payment terminals are still responsible for their PCI compliance and have requirements they need to meet.
Compliance is an ongoing process, but you can start by conducting a thorough assessment of your current systems and processes to help identify any gaps between existing practices and PCI-DSS standards.
Cybersecurity breaches can also disrupt supply chains and inventory management systems, leading to empty shelves and lost sales at grocery stores and other retailers.
Maintaining operational resilience
Disruptions caused by threat actors can severely impact a retailer’s operations. Ransomware is a common attack in which the threat actor deploys malicious software that encrypts systems and data, making them unusable. The threat actor then demands payment to decrypt or unlock the systems and data. A ransomware attack can be very costly, both from the ransom payment itself and the lost production when the business can’t use its technology.
This risk has evolved due to retailers’ increasing reliance on vendors and third parties. Threat actors are taking advantage of this by targeting vendors, which impacts the vendors’ customers.
To help sustain operational resilience, develop and implement robust incident response plans tailored to address ransomware attacks and breaches originating from third parties, including regular assessments and monitoring of third-party security practices.
David Anderson
Principal, Digital – Cybersecurity