01 May 2024

Carpetright was unable to process online or in-store orders for nearly a week due to a cyberattack.

Hackers targeted the company’s head office, deploying malware to gain unauthorised access to systems. The malware also affected internal systems, with employees facing difficulties accessing payroll information. According to Carpetright, the attack was contained before any customer or employee data was compromised.

“The impact this attack has had on Carpetright’s current orders and its future reputation has come at a very inopportune time for the retailer,” said Matthew Walton, senior retail analyst at GlobalData. “Like many retailers, Carpetright has taken steps to reduce its costs recently to navigate a challenging big-ticket market and has already reportedly hired Teneo to explore possible cuts. However, this shows that whatever challenges retailers are under, they cannot afford to cut back on is cybersecurity.”
The Carpetright incident serves as a stark reminder for retailers of all sizes. Robust cybersecurity measures and investments are no longer optional; they are essential for protecting business operations, customer data, and brand reputation.

“Financially motivated actors will target any organisation they think they can extract money from. You don’t need to be positioned in a significant or prominent industry, you just need to have a level of cash flow and an exposed service on the internet. Attackers will see Carpetright as little more than an IP address/Host name/service that they can exploit,” commented Tim West, director, threat intelligence & outreach, WithSecure.