Cyber Incident Victim: Angling Direct
Date:
Nov 2021
Location:
United Kingdom
Summary
A cybersecurity incident at Angling Direct involved unauthorized network access, forcing the shutdown of its websites and compromising social media accounts. Attackers redirected web traffic to a pornographic site, falsely claiming ownership transfer and offering fraudulent subscriptions, while threatening data deletion unless contacted. The retailer engaged external cybersecurity experts, notified law enforcement and data protection authorities, and maintained physical store operations during the disruption. Although customer financial data remained secure through third-party processors, potential personal data exposure remained under investigation. The breach caused significant traffic diversion, reputational harm from malicious redirects, and concerns over long-term impacts on search rankings and stock performance despite no immediate expected effect on underlying trading.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On November 5, 2021, Angling Direct, a UK-based fishing tackle retailer listed on the London Stock Exchange, detected unauthorized activity on its network late in the evening, prompting an immediate cybersecurity incident response. The intrusion resulted in the shutdown of the company’s websites, which remained inactive as of November 8, and compromised several corporate social media accounts. Attackers redirected web traffic from Angling Direct’s domains to Pornhub, generating an estimated 30,000 daily forced redirects that disrupted customer access and damaged search engine rankings. Through the hijacked social media accounts, perpetrators falsely claimed the website had been "sold" to MindGeek (Pornhub’s parent company) and offered fictitious free PornHub Premium subscriptions to customers. A message attributed to the attackers under the alias "MASTER" demanded contact to negotiate data restoration, explicitly threatening to wipe internal company data.
Angling Direct’s board engaged external cybersecurity specialists to investigate the breach and initiated round-the-clock recovery efforts while keeping all 39 physical retail stores operational. The company notified UK law enforcement and the Information Commissioner’s Office (ICO), acknowledging potential data exposure but emphasizing it held no customer financial data due to third-party payment processing. Online sales for fiscal 2021 totaled £35.3 million with 7.4 million website visitors, underscoring the operational disruption’s significance. While the board stated no expected detrimental impact on underlying trading, it acknowledged ongoing assessments of financial exposure from the incident. Public statements apologized for customer disruption and committed to notifying affected individuals if personal data breaches were confirmed, adhering to regulatory obligations. Industry observers highlighted risks to stock performance and long-term brand reputation due to the scale of traffic diversion and perceived security vulnerabilities.