Cyber Incident Victim: Wacoal Europe
Date:
Sep 2023
Location:
United Kingdom
Summary
A European subsidiary of a Japanese apparel company experienced a cyberattack causing significant operational disruptions, including website outages, disabled ordering systems, and impaired phone communications. The incident impacted retailers' ability to place orders, raising concerns about potential backlogs and financial consequences if prolonged. The affected organization proactively notified stakeholders about the breach and provided daily updates via email and phone while working with external experts to investigate the incident and restore systems. Internal assessments confirmed the attack was contained to the European subsidiary's network, with no compromise detected across the broader corporate group. The company publicly apologized for the disruption while evaluating potential financial implications.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 19, 2023, Wacoal Europe, the UK-based subsidiary of Japanese apparel company Wacoal Holdings, experienced a cyber attack that disrupted its operational systems. The incident caused multiple brand websites—including Wacoal, Fantasie, Freya, and Elomi—to display "under maintenance" error messages, rendering them inaccessible. Internal network systems were compromised by unauthorized third-party access, affecting order processing capabilities, phone systems, and call transfer functionalities. Independent retailers reported immediate impacts, with one stockist noting the inability to place new orders due to system outages. Wacoal Europe notified affected business partners via email on the day of the attack, with daily updates provided through phone calls and follow-up communications. Retailers expressed concerns about potential financial losses if the disruption extended beyond a week, citing Wacoal’s typical 24-hour order turnaround time and anticipating order backlogs. One retailer confirmed no immediate delays but highlighted vulnerability in their fortnightly ordering schedule, while another emphasized operational dependencies on Wacoal’s systems for weekly stock replenishment.
Wacoal Holdings confirmed the breach publicly on September 26, 2023, clarifying that the incident was isolated to Wacoal Europe’s network and did not affect other group subsidiaries. External cybersecurity experts assisted in investigating the attack’s scope, restoring systems, and mitigating business disruptions. The parent company verified that no unauthorized access occurred outside Wacoal Europe’s infrastructure. Remediation efforts prioritized system recovery and stakeholder communication, with formal apologies issued to impacted retailers for operational inconveniences. The attack’s financial implications remained under assessment as of the latest disclosure, with no confirmed impact on Wacoal Holdings’ consolidated earnings forecasts. This incident followed a separate cyber attack one month earlier on Swan Retail, a fulfillment software provider serving approximately 300 UK retailers, though no direct connection between the two events was established in available reports.