Cyber Incident Victim: Layer Großhandel
Date:
Apr 2025
Location:
Germany
Summary
LayerGroßhandel experienced a cyberattack that affected internal systems, leading to partial encryption and disruption of email and telephone services while the online shop remained operational. The company reported that some branches stayed closed during the incident and that investigations with law enforcement were underway to determine the scope, including whether personal data were compromised. The firm stated that it was working with external IT security experts to restore operations and that no comparable incident had occurred previously.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Wednesday evening, 16 April 2025, Layer detected the first irregularities in its internal processes and immediately launched an investigation. The investigation revealed that several internal systems had been affected by a cyberattack and were partially encrypted, which rendered certain business processes temporarily impossible to carry out. Layer had already reported the suspicion of a cyberattack on the preceding Thursday, 10 April 2025, and had closed its retail locations that day. On Monday, 21 April 2025, the company issued a follow‑up notification to customers, stating that its email service had been temporarily unavailable. By Tuesday, 22 April 2025, the core IT systems were restored to full functionality, order processing and deliveries resumed, although some delays were possible. Customers who had contacted Layer between 16 April and 20 April were asked to resend their messages, while the online shop remained continuously operational and was not impacted by the incident. The Abholmarkt in Tettnang stayed open, whereas the branches in Biberach, Memmingen, Marktoberdorf, Oberstdorf, Liebenwalde and Augsburg remained closed on Wednesday, 23 April 2025 and, according to later updates, also on Thursday, 24 April 2025.
Layer engaged experienced external IT‑security experts to analyse the attack and to restore the affected systems, and it informed the relevant authorities, including the police headquarters in Ravensburg, which confirmed that investigations were ongoing. The company stated that it was examining whether any personal data had been compromised and that, if necessary, affected individuals would be notified in accordance with data‑protection regulations; required notifications to the authorities had already been made. Layer noted that the financial damage could not yet be quantified and that no comparable incident had occurred in the company’s history. It also warned that the attack could lead to an increase in phishing emails and fraudulent invoices referencing the event. For communication, Layer provided the phone number 07542 930044 for the Vertriebsinnendienst in Tettnang and the email address service@layer‑grosshandel.de, with data‑protection inquiries directed to datenschutzbeauftragter@layer‑grosshandel.de. On 17 April 2025, due to the suspicion of a cyberattack on the internal network, the company was only partially reachable, all retail stores remained closed, no deliveries were made using its own fleet, the online shop stayed accessible, possible delivery delays were expected, and customer‑specific prices were not displayed in the online shop until the systems were updated. The narrative ends here.