Yodel becomes the latest victim of a cyber 'incident'

British parcel delivery firm 'working around the clock' to get systems back and running


Delivery company Yodel has found itself the latest victim of a cyber "incident" that has disrupted services.

Rooted firmly to the bottom of the table of best and worst courier firms by consumer campaigner Which? Yodel has gained popularity and, perhaps, a bit of notoriety in recent years as consumers turned to courier companies rather than venture into physical stores.

yodel

Click to enlarge

Exactly when security problems began is difficult to ascertain, since Yodel's social media voicebox is crammed full of disgruntled customers wondering where their products are (indeed, this writer had the joy of a piece of hardware being lifted from one of the company's depots back in 2019, but that's another story...).

However, by June 21 the company changed its customer service narrative to "Yodel is currently experiencing operational disruption affecting our delivery service."

Yodel's website was also updated to reflect that its services were not at all well.

The Register contacted the company to find out what was happening, and a spokesperson said: "Yodel has experienced a cyber incident that has caused some disruption. We are servicing customers but tracking is currently impacted.

"As soon as we detected the incident, we launched an investigation, led by our internal IT division and supported by an external IT forensics group. We are working to restore tracking as quickly as we can and have engaged with all relevant authorities.

"Yodel would like to sincerely apologise to their clients and their customers for any disruption this incident may have caused, and reassure them that the team are working around the clock to resolve this incident."

Other communications were shared on social media, suggesting that the incident was indeed serious. The Register contacted the ICO for more information and will update with any response.

Yodel is part of Logistics Group Holdings, and according to Companies House filings [PDF], it recorded earnings before income tax, depreciation and amortisation of £65.7 million in fiscal 2021, up from £9.5 million in 2020.

Yodel is just the latest victim of a cyber "incident" and undoubtedly will not be the last. The company's experience is a reminder of the importance of both robust defences and a robust recovery plan.

As for its customers… well, far be it from us to wonder if a lack of service will be all that different to normal service. ®

Similar topics


Other stories you might like

  • Cisco warns of security holes in its security appliances
    Bugs potentially useful for rogue insiders, admin account hijackers

    Cisco has alerted customers to another four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances. 

    The networking giant has issued a patch for that bug, tracked as CVE-2022-20664. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances. Some earlier versions of both products, we note, have reached end of life, and so the manufacturer won't release fixes; it instead told customers to migrate to a newer version and dump the old.

    This bug received a 7.7 out of 10 CVSS severity score, and Cisco noted that its security team is not aware of any in-the-wild exploitation, so far. That said, given the speed of reverse engineering, that day is likely to come. 

    Continue reading
  • Azure issues not adequately fixed for months, complain bug hunters
    Redmond kicks off Patch Tuesday with a months-old flaw fix

    Updated Two security vendors – Orca Security and Tenable – have accused Microsoft of unnecessarily putting customers' data and cloud environments at risk by taking far too long to fix critical vulnerabilities in Azure.

    In a blog published today, Orca Security researcher Tzah Pahima claimed it took Microsoft several months to fully resolve a security flaw in Azure's Synapse Analytics that he discovered in January. 

    And in a separate blog published on Monday, Tenable CEO Amit Yoran called out Redmond for its lack of response to – and transparency around – two other vulnerabilities that could be exploited by anyone using Azure Synapse. 

    Continue reading
  • CISA and friends raise alarm on critical flaws in industrial equipment, infrastructure
    Nearly 60 holes found affecting 'more than 30,000' machines worldwide

    Updated Fifty-six vulnerabilities – some deemed critical – have been found in industrial operational technology (OT) systems from ten global manufacturers including Honeywell, Ericsson, Motorola, and Siemens, putting more than 30,000 devices worldwide at risk, according to private security researchers. 

    Some of these vulnerabilities received CVSS severity scores as high as 9.8 out of 10. That is particularly bad, considering these devices are used in critical infrastructure across the oil and gas, chemical, nuclear, power generation and distribution, manufacturing, water treatment and distribution, mining and building and automation industries. 

    The most serious security flaws include remote code execution (RCE) and firmware vulnerabilities. If exploited, these holes could potentially allow miscreants to shut down electrical and water systems, disrupt the food supply, change the ratio of ingredients to result in toxic mixtures, and … OK, you get the idea.

    Continue reading

Biting the hand that feeds IT © 1998–2022