Cyber Incident Victim: Lumber Liquidators
Date:
Aug 2019
Location:
United States of America
Summary
A North American flooring retailer experienced a malware attack that disrupted its network and disabled corporate and store systems nationwide for nearly a week. The company detected symptoms of infection, initiated incident response procedures with internal and external experts, and restored operations including point-of-sale transaction capabilities within days. Investigations found no evidence of compromised consumer or employee data, noting sensitive information was stored externally with additional security protections. Leadership emphasized maintaining customer service throughout the incident and acknowledged employee efforts to mitigate operational impacts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On August 21, 2019, at approximately 9:15 AM, Lumber Liquidators detected malware symptoms disrupting its nationwide network and computer systems, triggering an immediate incident response. The malware disabled certain corporate and store systems across the company’s 416 North American locations, impacting operational capabilities for nearly a week. The retailer’s IT staff identified indicators of infection during routine monitoring, prompting collaboration with external cybersecurity experts to investigate the breach’s scope and origin. Remediation efforts commenced without delay, focusing on isolating affected systems and restoring critical functions. The attack impaired the Point-of-Sale (PoS) network, hindering transaction processing at retail stores and disrupting corporate operations. Despite these challenges, the company prioritized maintaining customer service through alternative methods while technical teams worked to contain the malware’s spread. No specific malware family or attack vector was disclosed publicly, though the incident’s duration indicated significant infrastructure compromise requiring coordinated recovery efforts.
Lumber Liquidators fully restored network operations by August 27, 2019, with minimal exceptions, including reactivating the PoS systems to resume normal transactions. Internal and external investigators found no evidence that consumer or employee data—such as financial information or personal identifiers—was compromised during the incident. This conclusion stemmed from the segregation of sensitive data on systems outside the primary network, which employed additional protective measures unaffected by the malware. CEO Dennis Knowles publicly acknowledged employees’ efforts to maintain customer service despite technical limitations, emphasizing operational continuity as the primary focus throughout the disruption. The company committed to providing periodic updates regarding the investigation but did not release technical details about the attack methodology or threat actors involved. Business operations normalized following the week-long remediation, with no reported long-term financial or reputational impacts disclosed in the immediate aftermath.