Ace Hardware has officially acknowledged a cyberattack that has disrupted local stores and customers’ ability to place orders, necessitating the restoration of 196 servers.
Ace Hardware, a prominent cooperative owned by hardware store retailers, maintains a significant presence with 17 distribution centers and a vast network of 5,700 shops spanning the United States, China, Panama, and the UAE. With a workforce of 12,500 employees, the cooperative boasts an annual revenue exceeding $9 billion.
The emergence of reports detailing a cybersecurity incident impacting Ace Hardware surfaced on Reddit on Monday, revealing the content of a notice issued to retailers regarding a cyberattack that transpired over the weekend.
According to the notice, “On Sunday morning, we detected a cybersecurity incident that is impacting the majority of our IT systems.” The incident has led to the disruption or suspension of several critical operating systems, including ACENET, Warehouse Management Systems, Ace Retailer Mobile Assistant (ARMA), Hot Sheets, Invoices, Ace Rewards, and the Care Center’s phone system.
Scheduled deliveries have been significantly affected, prompting a request to retailers to temporarily halt additional order placements due to processing constraints.
In response to the situation, the company has engaged a team of IT experts to facilitate the restoration of the impacted systems. However, the rapidly evolving nature of the incident has made it challenging to provide precise details regarding the restoration process and the status of the systems.
An update released on Monday evening indicated that the outage would continue indefinitely. Retailers were advised to keep their stores open to serve customers, with the assurance that in-store point-of-sale (POS) systems and credit card processing remained unaffected.
While the online shop continues to provide product search and viewing capabilities, the ordering functionality remains disabled as the systems responsible for processing customer orders are yet to be fully restored.
As per recent online disclosures by Reddit users who claim to be store owners, all internal corporate systems at Ace Hardware remain inoperative, rendering them incapable of ordering products from warehouses or dropship points.
In an official announcement addressed to retailers and shared by BleepingComputer, Ace Hardware’s President and CEO, John Venhuizen, has shed light on the company’s IT infrastructure. Ace Hardware operates a complex network comprising 1,400 servers and 3,500 networked devices. Notably, 1,202 of these devices have been impacted by the cyberattack and required backups to be restored.
Within this subset of affected devices, 196 servers are currently undergoing the process of restoration. This measure is imperative to re-establish the seamless flow of order receipt, picking, and shipping.
John Venhuizen further disclosed that as of 5:31 AM, a significant milestone has been reached, with 51% of these servers successfully restored and currently undergoing certification by Ace’s IT department.
In a noteworthy display of transparency, the CEO concludes his communication by drawing a compelling analogy, characterizing the cyberattack as a battle of good versus evil. He unequivocally asserts that the attackers are no more than common criminals, emphasizing the dire consequences of their actions.
Venhuizen stated, “I’d like to end by reminding you that all of this frustration and all of this effort is the direct result of a malicious cyber attack on Ace.” He continued, “This was perpetuated by criminals. Though they are hiding in the shadows, they are no different than thugs who break into your store attempting to steal your stuff.”
“It’s a battle of good versus evil. The processes to recover are complex, the principles of this battle are not.”
“Good will ultimately triumph.”
Regrettably, while Ace Hardware diligently restores its devices to resume normal operations, opportunistic threat actors have seized the moment to exploit the situation.
Ace Hardware has issued a stern warning about threat actors resorting to phishing tactics, contacting Ace retailers, and pressuring them to redirect payments to an “alternative” electronic payment address until systems are fully reinstated.
Additionally, instances have arisen where attackers masquerade as representatives of the Epicor Software Corporation, a presumed Ace contractor, soliciting account credentials under the guise of network troubleshooting.
Ace Hardware has issued a cautionary notice to its retailers, underscoring the sobering reality that breaches can not only compromise immediate security but also lead to further downstream vulnerabilities.
This seems to be a trend among hardware stores. In 2014, Home Depot fell victim to a significant data breach that sent shockwaves through the retail industry. The breach exposed the personal and financial information of approximately 56 million customers, making it one of the largest data breaches in retail history. Cybercriminals exploited a vulnerability in Home Depot’s payment systems, allowing them to gain unauthorized access to customer data. The fallout from this breach led to extensive legal and financial repercussions for the company, including hefty settlements and an intensified focus on cybersecurity measures. The incident served as a stark reminder of the evolving threat landscape and the critical importance of safeguarding customer data in an increasingly digital retail environment.