Cyber Incident Victim: Metro Cash & Carry France

On October 17, 2022, Metro Cash & Carry France experienced a cyberattack that triggered significant operational disruptions across its stores. The attack caused a widespread IT system failure, directly impacting the company’s ability to conduct normal business activities. As the primary food supplier for restaurant professionals in France, Metro’s technical outage created immediate logistical challenges, including delays in order processing and inventory management. Stores reported visible operational chaos, with staff resorting to manual workarounds to partially maintain services. The incident occurred without prior public warning, suggesting an abrupt compromise of critical infrastructure. No specific details about the attack vector or perpetrator were disclosed in initial reports. The timing coincided with regular business hours, amplifying the disruption’s immediate visibility to customers and partners.

The cyberattack’s primary documented impact was the severe degradation of Metro’s supply chain operations, particularly affecting its restaurant clientele who rely on timely deliveries. While financial losses or data compromise weren’t explicitly quantified, the prolonged IT outage implied substantial productivity costs and potential revenue impacts. The company’s public communications confirmed the cyber incident as the root cause but did not elaborate on containment timelines or recovery procedures. Operational "chaos" persisted for an unspecified duration, indicating inadequate redundancy measures for critical systems. Metro’s status as a major B2B supplier magnified the incident’s sectoral implications, potentially disrupting hospitality businesses dependent on its distribution network. The absence of reported customer data breaches suggests the attack’s focus may have been operational disruption rather than information exfiltration.