Cyber Incident Victim: Metro
Date:
Oct 2022
Location:
Germany
Summary
A wholesale giant experienced widespread IT infrastructure outages impacting physical stores across multiple European countries, forcing the implementation of offline payment systems and causing delays in online order processing following a cyberattack. The company's internal IT team initiated an investigation with external experts to determine the cause while cooperating with relevant authorities. Despite operational disruptions affecting technical services and digital transactions, physical stores remained open with contingency measures in place. The incident impacted a multinational network serving hospitality industry clients through hundreds of locations worldwide.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
International wholesale company METRO experienced a cyberattack around October 17, 2022, triggering significant IT infrastructure disruptions across multiple European countries. The incident caused partial outages affecting technical services in Austria, Germany, and France, with operational impacts first reported by technology journalist Günter Born. Stores remained open but encountered payment system failures, forcing the company to implement offline transaction processing methods. Online ordering platforms—including web applications and digital storefronts—remained accessible but suffered processing delays. METRO confirmed the cyberattack's role in the service interruptions through an official website notice, though specific technical details regarding attack vectors or intrusion methods were not disclosed. The company's IT department initiated immediate incident response procedures upon detecting the outage.
METRO engaged external cybersecurity experts to assist its internal team in determining the root cause of the infrastructure disruption. Corporate communications emphasized the ongoing nature of both the outage and investigation, without providing restoration timelines. The organization fulfilled regulatory obligations by notifying relevant authorities about the security breach and pledged cooperation with official investigations. As a global wholesaler serving the HoReCa sector through 661 METRO and MAKRO branded stores, the incident affected operations across more than 30 countries where the company maintains its 95,000-person workforce. Business continuity measures focused on maintaining physical store operations while technical teams worked to resolve digital service interruptions, with particular emphasis on restoring standard payment processing capabilities and reducing online order fulfillment delays.