Cyber Incident Victim: Benetton Group
Date:
Jan 2023
Location:
Italy
Summary
A major multinational clothing company experienced a severe large-scale cyberattack targeting its online order warehouse infrastructure, specifically impacting e-commerce servers and logistics systems at its Castrette di Villorba facility. The organization's Security Operations Center successfully prevented the attack from fully compromising systems through proactive security measures and immediate countermeasures, including forcibly shutting down affected servers to isolate the infrastructure. While most global retail operations remained functional, the incident caused significant disruptions—halting e-commerce activities for five days and requiring partial operational restoration efforts. Employees were instructed to stay home during the outage, with gradual service normalization anticipated following containment.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 5 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Between January 18 and 19, 2023, Benetton Group experienced a severe cyberattack targeting its online order warehouse operations at its Castrette di Villorba logistics facility in Italy. The attack compromised servers supporting the company’s e-commerce platform and autostore systems within the logistics hub, which had been inaugurated in November 2022. The intrusion’s effects became apparent on January 19, forcing an immediate shutdown of e-commerce activities and halting operations at the affected logistics center. Employees were instructed to remain home as the company initiated emergency protocols. The disruption lasted five days, with partial operational recovery not anticipated until January 23. Benetton characterized the incident as a large-scale assault but emphasized its security systems prevented the attackers from achieving their objectives.
Benetton’s Security Operations Center and IT team responded by isolating compromised systems, powering down servers to contain the breach, and implementing pre-established countermeasures. These actions, alongside security enhancements enacted in preceding months, mitigated further damage and preserved global retail operations outside the directly impacted e-commerce and logistics functions. Service interruptions stemmed from the forced server shutdowns required to secure the IT infrastructure. The company confirmed no successful data exfiltration or systemic compromise occurred due to these defensive measures. By January 23, Benetton expected to restore partial functionality across affected sites while continuing recovery efforts for full operational normalization.