Yodel is a UK-based delivery service company. Just recently, the company’s services were disrupted due to a cyberattack. As a result, there was a delay in parcel deliveries and receiving orders online.
Although the company hasn’t divulged any information regarding the incident as to when or how it happened, it has been implied that confidential information in terms of customer payment hasn’t been affected. That’s because the information isn’t stored on the system or processed by the company.
Customers awaiting their packages got generally worried, given Yodel’s tracking and customer services went down on the weekend. Many of the customers reported that they had no information whatsoever regarding the packages they were to receive for at least four days.
According to cybersecurity researcher Kevin Beaumont, there are rumors circulating about Yodel being hit by a ransomware attack, which is a plausible theory. Specifically taking into account how such hackers usually avoid encrypting victim computers during the weekdays, because then their hacking attempt is much more discoverable.
Apparently, Yodel originally informed eBay sellers about the cyberattack in private messages by saying that the company was “working through the nature and full impact of the cyber incident.”
They specifically stated that they were working together with an expert external party in order to get their systems back online.
Later on, Yodel posted its official statement on its website and confirmed that the service disruption was caused by a cyberattack. They also informed users that “parcels may arrive later than expected.”
In another post regarding the incident, Yodel advised their clients to avoid getting involved in unsolicited communication which requests their private information or any similar technique such as referring to web pages that require confidential information of the client.
“Avoid responding to, clicking on links, or downloading attachments from suspicious email addresses. If you are asked for personal information by someone purporting to be Yodel employee, please let us know immediately.”
So far, Yodel hasn’t responded to any of the questions inquiring about the nature of the cyberattack or if they’ve found who was responsible for the cyberattack. Although the company has denied that the threat actors have stolen any confidential data, there’s a slight possibility they may have gotten their hands on something valuable to demand a ransom.
Whether Yodel will have repercussions to deal with in the near future or not remains a mystery still.