Cyber Incident Victim: Intersport
Date:
Nov 2022
Location:
France
Summary
A ransomware attack by the Hive group disrupted operations at a major global sports retailer, primarily affecting stores in France during a peak sales period. The incident disabled point-of-sale systems, loyalty programs, and gift card services, forcing stores to rely on manual checkouts and inventory tracking, causing customer delays. Hive claimed responsibility and leaked purported proof of stolen data, though the company stated no customer data was compromised and declined to confirm whether ransom negotiations occurred. This followed prior cybersecurity incidents involving the organization, including a 2020 Magecart card-skimming attack on its website.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The ransomware attack against Intersport occurred on November 23, 2022, disrupting operations primarily across stores in northern France, including Nord and Pas-de-Calais regions. The incident disabled networked cash registers, loyalty card systems, and gift card services during Black Friday sales promotions—a peak retail period. Store managers implemented manual checkout processes, requiring handwritten transaction records and inventory updates, which slowed customer service and caused delays. Physical signs notified shoppers of the cyberattack's impact at affected locations like Arques, Calais, Noyelles-Godault, and Faches-Thumesnil. Intersport confirmed the breach affected a regional store group but emphasized limited scope relative to its 780 French locations, characterizing it as an "infime partie" of operations. Technical containment measures included isolating compromised systems and relying on offline backup registers not connected to central networks. Stores remained open throughout the disruption, maintaining partial functionality via these manual workarounds.
On December 12, 2022, the Hive ransomware group claimed responsibility for the attack, posting alleged proof of stolen Intersport data on its leak site. Intersport publicly stated it had "no particular concerns" about customer data exfiltration but declined to confirm or deny ransom negotiations, responding with "no comment" to related queries. The company acknowledged prior cyberattack attempts, noting its systems had previously thwarted intrusions but failed to prevent this incident. Operational impacts persisted beyond the initial attack date, with stores still using contingency measures as of November 24. Intersport cited ongoing resolution efforts without specifying technical remediation steps or timelines. The incident followed a 2020 Magecart card-skimming attack against Intersport's e-commerce systems, establishing a pattern of cybercriminal targeting. No data recovery timelines, financial losses, or final resolution status were disclosed in available reports.