Cyber Incident Victim: Furniture Village
Date:
May 2021
Location:
United Kingdom
Summary
Furniture Village experienced a cyberattack that disrupted internal systems, including delivery coordination, phone services, and payment processing, forcing the company to take affected systems offline. The retailer confirmed no personal data was compromised and implemented manual workarounds to maintain operations while restoring functionality. Customers reported significant service disruptions, such as undelivered orders and unresolved communication issues, during the multi-day outage. While industry experts speculated the incident involved ransomware, the company did not confirm this or disclose whether law enforcement was involved.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Furniture Village, the UK's largest independent furniture retailer operating 54 stores, experienced a significant cyber incident beginning on or around May 29, 2021. The company initially described the event as "technical issues" affecting internal systems, with customers reporting immediate disruptions to phone services and payment processing capabilities. By May 31, these operational problems persisted, preventing the retailer from answering customer calls or processing transactions normally. The situation continued unresolved through June 3, when frustrated customers took to social media to report payment system failures, undelivered orders, and an inoperable voicemail system. One customer disclosed that a promised sofa delivery hadn't been manufactured despite prior confirmation, while another described being trapped in a call center loop. The retailer's website remained accessible throughout the incident, but critical backend systems including delivery coordination, telephony infrastructure, and payment processing remained offline for at least seven consecutive days.
On June 4, 2021, Furniture Village formally confirmed to media outlets that the outage resulted from a cyberattack, though specifics regarding the attack vector or perpetrators weren't disclosed. The company stated it immediately implemented security protocols upon detection, including deliberately shutting down affected systems to contain the incident's scope. Restoration efforts involved round-the-clock work by technical teams, with employees resorting to manual business processes to maintain limited operations during recovery. Furniture Village asserted that no personal data was compromised based on their preliminary investigation, though independent verification of this claim wasn't provided. The retailer declined to confirm whether law enforcement agencies were notified or if ransomware was involved, despite industry speculation about potential ransomware involvement based on the attack's duration and system encryption patterns. Operational impacts included widespread disruption to customer service, order fulfillment, and payment systems, with the company emphasizing its financial stability throughout the crisis while continuing restoration efforts beyond the initial week-long outage period.