Cyber Incident Victim: Lojas Renner

Lojas Renner, Brazil's largest clothing department store chain, disclosed a ransomware attack impacting its IT infrastructure in a filing with the Brazilian stock market on August 19, 2021. The incident resulted in the unavailability of certain systems, including the company’s official e-commerce platform. Initial reports from Brazilian bloggers and news outlets inaccurately claimed the attack forced the closure of all physical stores nationwide. Renner officials addressed these claims in a subsequent stock market filing, confirming all physical stores remained operational and clarifying the disruption primarily affected online sales channels. The Record verified this through interviews with Brazilian customers who confirmed stores were open and processing transactions normally. While the company acknowledged a breach, it downplayed the intrusion’s severity, stating its primary database remained intact and unencrypted.

Details regarding the ransomware operation remained unconfirmed, though one Brazilian blog attributed the attack to the RansomExx gang, alleging initial access was gained via Tivit, a major Brazilian IT and digital services provider. Tivit denied these allegations in an interview with CNN Brazil Business, asserting no breach of its corporate networks or servers occurred. Renner did not confirm whether attackers exfiltrated data, but RansomExx’s typical modus operandi involves data theft prior to encryption, suggesting potential compromise of company information. An unverified report citing unofficial sources claimed Renner paid a $20 million ransom, though the company did not respond to requests for comment. Lojas Renner’s financial position, as one of South America’s largest retailers operating over 600 stores under multiple brands, could accommodate such a payment. The incident highlighted operational resilience in physical retail locations despite significant digital disruption to e-commerce systems.