In its latest update about a cyberattack that hampered its web services and thinned grocery stock, Federated Co-operatives Limited says its websites are back online.
At the end of June, local Co-op stores and Federated Co-op announced they had been the target of a cyberattack that was impacting internal and customer-facing systems. It affected cardlock fuel locations and stock in some grocery stores.
From B.C. to Manitoba, Co-op has 274 grocery stores, 454 gas bars and 396 commercial cardlock fuel facilities.
According to its social media, Co-op has also restored its corporate and local websites, though online shopping is still unavailable.
Grocery supply — at least in Saskatoon stores — remained spotty on Wednesday.
“The shelves are a little emptier, but that’s pretty much it,” shopper Paulette Wallace said. She said she quickly noticed that the inventory had dwindled after the cyberattack, but it hasn’t affected her much.
“There’s some products I’d like to get, but they’re just not there,” said Rick Newell, another customer.
Co-op still investigating
Co-op communications director Brad DeLorey responded to an interview request with an email.
“As the investigation is ongoing I cannot at this time expand on details. We have been diligently working to restore complete operations throughout Western Canada. We are committed to providing updates and will continue to do so,” he said.
Cybersecurity expert Terry Cutler said that companies should have a playbook to ensure they’re managing cyberattacks without erasing evidence of how they were compromised.
“If it’s a ransomware attack, you are down for a minimum 100 hours,” Cutler said.
Others attacks can take months to resolve. That time is spent reinstalling systems, collecting evidence and, potentially, negotiating a ransom.
“Even if you paid, it doesn’t always come back properly, so now you’re forced to rebuild information manually.”
Cutler is the CEO at Cyology Labs, a cybersecurity company based out of Dorval, Que. He is an “ethical hacker,” who receives permission from companies to try to hack them to find holes in their security systems.
He said a lot of companies are going through data breaches because they haven’t put the time or money toward security or training employees how not to be fooled when criminals send a well-crafted email with an infected link.
“The average time, right now, that a hacker is in your system is 286 days before being detected,” Cutler said.
Last week, Federated Co-op posted on social media addressing online statements that data had been copied from its services and would allegedly be released.
“While it’s possible these allegations are related to the cybersecurity incident we previously experienced, we are still investigating with assistance from third-party experts. If the investigation determines that data was in fact compromised, as previously stated, we will take appropriate action,” the post said.