08 July 2022

Delivery service company Yodel has suffered a “cyber incident” resulting in widespread disruption across its network.

Customers awaiting deliveries noted that the company’s systems went offline the weekend before last and that they have been unable to receive updates since then.

In a message posted on its website, Yodel said: “We are working to restore our operations as quickly as possible but for now, order tracking remains unavailable and parcels may arrive later than expected.”

Although the company is still able to make deliveries, it has advised customers to expect delays across its network.

Yodel has not revealed how it was attacked, but early reports suggest that it was targeted by ransomware. The damage appears to be primarily related to service disruption, as opposed to the exfiltration of personal data.

“Reports of a cyberattack against Yodel causing disruption to its services demonstrates the importance of cyber preparedness,” said Lawrence Perret-Hall, director, CYFOR Secure. “Having an incident response and forensic readiness plan in place, deployable at any time, is crucial in the event of a business-critical attack. And with business continuity playbooks readily available, disruption can be kept to a minimum. This is even more important when considering Yodel was targeted at a weekend, a common tactic cyber criminals use in an attempt to avoid immediate detection.

It could take weeks to fully restore systems. Yodel is still required to fulfil its data breach notification requirements.