Massy Stores stalled nationwide by cyber attack in T&T

Thousands of people possibly hoping yesterday to beat the month-end and long-weekend crowds at Massy Stores were left frustrated, as the popular grocery chain was forced to close all of its branches due to a cybersecurity attack.

Customers were turned away as the Massy staff realised the checkout system was not functioning and sales at the company’s 23 branches nationwide could not be completed.

Even customers who sought to pay bills through Surepay and Moneygram wire money transfer services were turned away.

The only business conducted at Massy Stores locations was the sale of its prepared lunches, which were sold in cash-only transactions.

The company confirmed in a statement sent to both media and posted to social media platforms that typical sales could not happen at any of their stores due to a technical issue.

Massy said, “These challenges impact our customer shopping experience as items cannot be purchased from our store locations or pharmacies at this time.”

Later in the day, another release confirmed a cyber attack led to the technical difficulties experienced at all stores across the country.

In the statement, Massy said it took “immediate action, suspending all customer-facing systems, and has been working with third-party experts to resolve the situation. Backup servers were not affected and the technical team is actively working with the expert teams to restore the system safely and in the shortest time possible.”

This admission of a cyber attack comes less than a week after Aeropost confirmed the credit card information of several customers was compromised after many clients were alerted to unusual activity on their credit card accounts. Aeropost confirmed the breach last weekend and advised customers to contact their banks.

Massy, however, believed customer information had not been impacted by the attack.

Massy said, “The company is not aware of any evidence at this time that any customer, supplier or employee data has been compromised or misused as a result of the situation.”

Yesterday, Dr Ronald Walcott, managing director of Precision Cybertechnologies and Digital Solutions, a cyber security firm, said the attack appeared to be a denial of service rather than an attempt to steal personal information.

“I would not like to speculate on what transpired, I don’t have the information. Given what I have seen and from my understanding of what transpired, it seemed to be more of a denial of service attack. What you call a DOS attack and that does not usually lend itself to the extraction of personal information. So I would not automatically think so, but I don’t have enough information to be able to comment on that,” he said.

However, he noted that cyber-attacks had been on the rise in the region.

“What’s happening now here in Trinidad and Tobago is happening globally. When we look at some of the activity we’ve been seeing in the last couple of months, we’ve seen a significant increase in cyber activities in Latin America and the Caribbean. It’s hard to pinpoint exactly where it is coming from. But it’s happening and it’s going to only increase and get more significant,” he warned.

He said the Government would have to look at additional laws with regard to cybercrime but also stressed that companies would have to increase vigilance concerning these attacks.

“I would expect it’s only a matter of time before our Government looks into those privacy laws. When it comes to cybercrime, cyber activities, there is what we call the CIA triad that deals with confidentiality, integrity and availability. One of the key aspects of confidential information is the fact that personal information and personal identity should be protected. So that is always going to be of concern to customers.”

He added, “We have been trying to educate people just for them to be aware. You need to be aware and be educated. Particularly employees of organisations, companies need to relook at the risk that they are taking, which means that they should look at their cyber security exposure. “Because you need to secure your networks, you need to ensure that all of your critical data is encrypted and that you have it backed up and stored. And that you are always vigilant. So a number of organisations would have deployed various tools, antivirus, firewalls, and so on but they need to do a hard look at that right now to ensure they have the best protection in place.”

Massy said it would work to rectify the situation to allow stores to open today.


Leave a Reply

Your email address will not be published.