IT Security Incident at METRO
Status 23 November 2022
Current information on the latest IT security incident
As previously communicated, METRO became a victim of a cyber attack on 17 October 2022. During the ongoing work to fully restore the IT infrastructure, we again detected suspicious activities and identified malware. We have therefore decided to shut down individual systems again as a precautionary measure in order to analyse the extent of the activities and limit the damage as best as possible.
Unfortunately, this may mean that technical services are not available or not available in the usual quality. The METRO stores and websites are still in operation and available for you. However, there may be isolated interruptions or delays. We apologize for any inconvenience caused.
Status 10 November 2022
Affected party information on the most recent IT security incident
On 17 October 2022, METRO fell victim to a cyber attack. This initially led to a partial failure of the IT infrastructure in several technical services. While METRO stores and websites are operating, and services are regularly available some delays may still occur.
On 8 November 2022 METRO became aware that the attacker had also extracted and published personal data of employees working at specific METRO locations as well as former employees and applicants from METRO systems.
According to current knowledge, in particular the following categories of data are affected:
- Application data
- Personal data of (former) employees, including
- Telephone lists
- Birthday lists
- Vacation and absence lists
- Shift and deployment plans
The publication took place in the darknet, i.e. an anonymous part of the Internet accessible only with special tools.
At this stage, we cannot yet determine in detail which data from which METRO companies and which specific individuals are affected by the publication. We must currently assume that at least in particular the following companies on the METRO Campus in Düsseldorf and outside of it are affected: METRO AG, METRO Advertising GmbH, METRO Campus Services GmbH, METRO Deutschland GmbH, METRO Digital GmbH, METRO Group Insurance Broker GmbH, METRO Logistics Germany GmbH, METRO Properties Holding GmbH, Hospitality Digital GmbH, Hospitality Services Germany GmbH, METRO Properties GmbH &Co KG and METRO Global Solution Center Limited in Pune, India.
We must currently assume that the attacker has published personal data of employees, applicants and former employees that could be used for identity theft. For example, third parties could attempt to place orders or enter into other contracts in your name.
In addition, this data could be used to attempt to gain access to online accounts by answering typical security questions with personal data (e.g. Where were you born? What is your birth name?).
We work closely with external specialists, law enforcement agencies, data protection authorities and the German Federal Office for Information Security to clarify the incident and identify measures to limit the dissemination of the published data as far as possible.
For the coming days and weeks we recommend special attention.
We recommend checking private mail and e-mails particularly carefully. If one receives invoices, contract confirmations or other letters relating to orders or contracts that were not initiated, we recommend contacting the respective sender immediately. If you suspect identity theft, file a criminal complaint and follow the recommendations of the Federal Office for Information Security.
In particular, we recommend checking not only the passwords, but also the security questions for online accounts and changing them if necessary. It is recommended to check whether any settings have been changed on the online account, for example other e-mail addresses or telephone numbers or message forwarding.
We highly suggest not to open or forward suspicious emails or messages received via messenger services (e.g. WhatsApp). In general, we recommend being wary of unsolicited, unverified, or unexpected messages that ask for personal information or direct to a website that asks for personal information. Avoid responding to suspicious email addresses or messenger services (e.g. WhatsApp), clicking on links or downloading attachments.
If you have any questions, please contact the data protection officer or data protection coordinator of the respective METRO company, whose contact details are: email@example.com.
The security of personal data is a top priority for METRO. We sincerely regret that, despite METRO's high security precautions, data was accessed and published by unauthorized persons during this attack.
We take this incident very seriously and have started to intensively review our security protocols and take additional security measures. All these efforts have a clear goal: We are doing everything possible to prevent such attacks in the future.
Status 08 November 2022
Update on recent IT security incident
As announced on 20 October, METRO has become the victim of a cyber-attack that has led to a partial outage of METRO's IT systems. Since then, our IT departments have been working flat out to fully restore the IT infrastructure and related operational customer services. METRO has already made significant progress in this regard. While METRO stores and websites are operating, and services are regularly available some delays may still occur. In addition, as part of the comprehensive analysis of the IT infrastructure outage METRO is closely monitoring any potential publication of data that may have been retrieved during the cyber-attack on our systems.
Yesterday night, regrettably we have identified that METRO has been named by the attacker on their public list of recent targets and few documents allegedly from our servers have been published. It is possible that further data relating to METRO will be published at a later date. We will continue to monitor for any potentially published data and provide updates as required. If there are any critical findings during the analysis of the data, we will inform affected persons and organisations immediately. METRO AG has notified all relevant authorities and the affected subjects about the incident and will, of course, cooperate with them in any way possible.
Status 26 October 2022
Update on recent IT security incident
As announced on 20 October, METRO has become the victim of a cyber-attack that has led to a partial outage of METRO's IT systems. Since then, our IT departments have been working flat out to fully restore the IT infrastructure and related operational customer services. METRO has already made significant progress in this regard. At the same time, Corporate Security and METRO Digital, supported by external forensic experts, profoundly analysed the cyber-attack.
In the course of these investigations, we have now come to the conclusion that despite our extensive security measures, we must assume that the attacker not only encrypted but also gained access to organizational data of METRO employees such as names or business phone numbers.
We have informed our employees about this and we have provided safety advice on how each individual can protect themselves through targeted measures. To date, we have no reason to believe that the attacker had access to customer or supplier data.
METRO immediately informed the data protection authorities about the data access and is in regular and close exchange with all investigating authorities. We will of course continue to monitor and analyse the situation and provide updates as soon as we have new relevant findings.
We sincerely apologize to our employees, customers and business partners for the inconvenience caused by the cyber-attack and ask for their understanding.
Status 20 October 2022
METRO/MAKRO is currently experiencing a partial IT infrastructure outage of several technical services. METRO’s IT team has immediately started a thorough investigation together with external experts to identify the cause of the interruption of services. The latest results of the analysis confirmed a cyberattack on the METRO systems as the cause of the IT infrastructure outage. METRO AG has notified all relevant authorities about the incident and will, of course, cooperate with them in any way possible.
While METRO stores are operating, and services are regularly available disruptions and delays may occur. Store teams have quickly set up offline systems to process payments. Online orders through the web app and online store are being processed but delays need to be expected, as well.
We will continue intensive analysis and monitoring and provide updates as required.
METRO sincerely apologizes for any inconvenience the incident is causing for any of its customers and business partners.
Facts and Figures
MPULSE is METRO’s online magazine – featuring exciting topics from the wholesale industry and our customers, independent entrepreneurs. At MPULSE.de we report on what motivates our customers, employees, partners and suppliers – and what we do for others. Our magazine informs, entertains, investigates, and provides insights into our business and that of our customers. And it tells small and big stories about products, ideas and people who make sure our business never stands still.