Cyber Incident Victim: Intermarché / Mestdagh
Date:
Mar 2024
Location:
Belgium
Summary
A cyberattack targeted former Mestdagh supermarkets operating under Intermarché, exploiting incomplete IT system integration following the acquisition. Attackers compromised the internal ordering system, demanding ransom and causing temporary supply chain disruptions that resulted in sporadic empty shelves across affected stores. The retailer confirmed no personal data was exfiltrated, restored systems promptly, and filed a formal complaint. While operational impacts were limited, some locations experienced order and delivery challenges before normal operations resumed within days.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Sunday, March 24, 2024, a cyberattack targeted dozens of former Mestdagh supermarkets recently acquired by French retailer Intermarché. The attackers exploited transitional vulnerabilities arising from incomplete integration of the acquired stores’ IT systems with those of Intermarché’s parent company, Les Mousquetaires. Primary impact occurred within the internal ordering system, disrupting supply chain operations for multiple locations. This disruption manifested as logistical delays in product deliveries, leading to sporadic stock shortages visible through empty shelves in affected stores. Attackers deployed ransomware, explicitly demanding payment to restore system functionality, though Intermarché did not disclose whether negotiations occurred or ransom amounts. The retailer confirmed no exfiltration of customer or employee personal data occurred during the breach.
Intermarché activated incident response protocols to isolate compromised systems and restore operations, asserting the attack’s overall impact remained limited. Technical teams successfully reactivated the ordering system promptly, though residual supply chain delays persisted for several days. The company formally filed a legal complaint with relevant authorities to initiate an investigation but did not specify whether law enforcement agencies assisted in containment efforts. By March 28, Intermarché projected full operational normalization across all stores by the following Friday, emphasizing no long-term data or infrastructure damage occurred. Store personnel managed customer-facing impacts by manually addressing inventory gaps while systems stabilized.