[BreachExchange] Kwik Fit hit by malware, knocking out IT systems

Destry Winant destry at riskbasedsecurity.com
Fri Feb 1 09:08:36 EST 2019


https://www.itpro.co.uk/security/32880/kwik-fit-hit-by-malware-knocking-out-it-systems

Car garage unable to process orders after a virus gets into its IT systems

Car repair chain Kwik Fit's IT systems have been down since Saturday
after the company's IT systems were hit with malware.

The company first notified customers of the issue while responding to
complaints on Twitter. A number of customers complained that they
couldn't reach the service because the phone lines were not working.

"We are currently experiencing technical difficulties and our systems
are offline," the company tweeted. "However, this is being
investigated as a matter of urgency and we are working to fix this
ASAP. Please bear with us."

This became a long thread of complaints and despite tweeting that the
situation had been resolved, more and more customers continued to
report problems.

One customer, called Bryan Mez suggested it was a ransomware case. He
tweeted the BBC: "Went for an MOT at Kwikfit and apparently their
systems have been hacked and someone is trying to obtain money from
the company. Could be a GDPR data breach. Have you heard anything
about it?"

The problems carried on into the week and the company did confirm that
a virus had infected its IT systems. But there was no explanation of
what the virus was.

"We first experienced some issues with a virus in our IT network
during the weekend," a spokeswoman told the BBC. "This affected a
number of our systems but in the interest of ongoing security, we
can't confirm the source of the problem.

"We have been working to get our operational systems back up and
running normally and while there is still some disruption, our centres
are open as usual."

The source of the malware hasn't been disclosed as the company said it
couldn't say anything else for "security reasons" but it did say that
it didn't believe its customer's records had been affected.

"We can reassure customers that we do not store any of their financial
information and currently have no reason to believe that any customer
data was compromised," the spokeswoman added.

Malware is a major headache for both large and small businesses and as
the KwikFit incident show, it's not just an IT company problem. It can
make its way onto any connected device like phones, laptops and even
wearables. Once it has infiltrated a network it can quickly spread and
this is what causes a big problem in businesses.


More information about the BreachExchange mailing list