Cyber Incident Victim: Kingfisher plc

On or around October 1, 2022, Kingfisher experienced unauthorized access to its IT systems. The breach became public on October 17, 2022, when the LockBit ransomware cartel listed Kingfisher on its data leak site, claiming to have exfiltrated 1.4 terabytes of company data. LockBit affiliates asserted the stolen data included sensitive personal information belonging to employees and customers. The group published samples of allegedly compromised credentials, including email addresses and passwords tied to Kingfisher’s Workday and Access accounts. Kingfisher promptly engaged third-party IT security specialists to investigate the incident and contain the breach. The company confirmed the unauthorized access but contested LockBit’s claims regarding the scale and sensitivity of the stolen data.

Initial findings from Kingfisher’s investigation indicated only a limited number of non-sensitive files were copied during the intrusion. The company stated it found no evidence supporting LockBit’s assertion of 1.4 terabytes of exfiltrated data. Kingfisher secured its affected systems and reported no ongoing operational disruptions stemming from the incident. LockBit, a ransomware operation active since 2019, distinguished itself through a business-like affiliate model and persistence compared to defunct groups such as REvil and Darkside. While researchers noted LockBit’s operational efficiency, Kingfisher maintained its internal review did not corroborate the threat actors’ data theft claims. The company concluded its response by emphasizing system remediation and the absence of material operational impact.