Cyber Incident Victim: Bennet
Date: Jun 2023
Location: Italy
Summary
Bennet, an Italian supermarket chain, suffered a cyber attack that prompted the precautionary suspension of some technology-related services and its e-commerce area. The company engaged international partners and notified authorities to restore its IT systems. All physical stores remained fully operational, including electronic payment systems. Based on the ongoing analysis, the incident did not impact the confidentiality of customer data. A ransom was demanded by the hackers responsible for the intrusion.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around June 2, 2023, the Italian supermarket chain Bennet was subjected to a cyber attack. The incident began during the evening of that day, as reported by sources including the Corriere newspaper. The attackers behind the intrusion demanded a ransom from the company, which characterizes the event as a ransomware attack. In immediate response to the discovery of the breach, Bennet decided to proactively suspend the regular functioning of certain services connected to its technological infrastructure. This was a precautionary measure taken to contain the incident and prevent further potential damage to its systems.

The primary impact of these service suspensions was felt in the company's e-commerce area and several ancillary services, which were taken offline temporarily. Despite this disruption to its online operations, Bennet's extensive physical retail network remained fully functional throughout the entire incident. All of the company's points of sale, including its hypermarkets and superstores, continued to operate without interruption. Critically, payment systems were unaffected, allowing customers to make purchases and use electronic cards at checkout without any issues. This ensured that the day-to-day business of the grocery chain could proceed normally, minimizing the immediate impact on consumers.
Bennet's response to the attack was swift and comprehensive. The company immediately initiated a series of interventions aimed at restoring regular operability to its information systems as quickly as possible. A key aspect of this response involved engaging primary international partners, indicating that Bennet sought external expertise from leading cybersecurity firms to assist with the analysis, containment, and recovery efforts. Concurrently, the company followed proper legal and regulatory protocols by informing the competent authorities of the breach. This engagement with authorities is a standard procedure for significant cyber incidents and ensures that the appropriate law enforcement and data protection bodies are aware of the situation.
Throughout the recovery process, Bennet placed a significant emphasis on communicating with its customers to provide reassurance. The company issued an official press release on June 7, 2023, detailing the nature of the incident and the steps being taken. A central point in this communication was the assertion that, based on the ongoing analysis and restoration activities, no impacts on the confidentiality of customer data had been identified. Bennet stated that the attack did not appear to have resulted in a compromise of customer data privacy, suggesting that data exfiltration may not have occurred or that its core customer databases remained secure. The company reconfirmed its maximum commitment to restoring all suspended services in the shortest possible time.
In addition to the immediate goal of restoring systems, Bennet's response also included a focus on enhancing its security posture for the future. The company stated that it was taking actions to further increase the high security standards that already characterized its operations. This indicates that the incident was used as an opportunity to strengthen defenses beyond their pre-attack levels, likely through implementing additional security measures, patches, or architectural changes identified during the forensic investigation. The engagement of international partners would have been instrumental in both the remediation phase and in planning these long-term security improvements.
The scale of Bennet's operations meant that the incident had the potential to affect a large number of employees and customers. The company is a significant player in the Italian retail sector, particularly in Northern Italy. At the time of the incident, Bennet's footprint included 65 hypermarkets and superstores and 58 active bennetdrive pickup points. These facilities encompassed over 300,000 square meters of sales space distributed across 1,350 stores. The company also employed more than 6,000 people and owned 50 commercial galleries. The fact that its physical operations were unimpeded by the cyber attack was therefore crucial for maintaining service for a substantial customer base and for the continuity of its business. The temporary suspension was confined to digital channels, which, while important, represented a smaller portion of the overall customer experience compared to the brick-and-mortar stores. The incident did not disrupt the supply chain or the ability to stock shelves and serve customers in person. The company's primary revenue streams remained protected throughout the duration of the event. The response and recovery efforts were focused entirely on the digital infrastructure that supports its online and ancillary services. The complete restoration timeline for these services was not explicitly detailed in the available communications, but the company's statements emphasized speed and a return to full functionality as its paramount objectives.
