METRO Annual Report 2022/23 - On Track

Half-Year Financial Report H1/Q2 2023/24

7 May 2024, 6.30pm CEST

H1/Q2 2023/24 Results Presentation

08 May 2024, 08:45 CEST

Annual General Meeting 2024

07 February 2024, 11:00 CET

#WeStandWith­Ukraine - We are ONE METRO

We support and help through concrete initiatives.

Insights

Insights

Quarterly fresh deep-dive

Topics that move METRO and and the wholesale business.

Own-brand tinned tomato paste

Insights - Own Brands

Interview with Jens Bresler | Own Brands Development Process | Facts and Figures

Multichannel Transformation

Insights - Multichannel Transformation

Interview Joachim Lindner and Philippe Ernoul | Multichannel Fulfillment Centre | Facts and Figures

IT Security Incidents at METRO

Status 28 December 2023

Unusual connections of a small number of user accounts

METRO has detected unusual connections of a small number of user accounts with access to our websites on 28 December 2023. METRO has proactively blocked these accounts after discovering these events. METRO's internal systems and networks are not compromised. Those users affected are going to be informed by email and asked to change their login details immediately. METRO's operational business was not affected at any time. Required steps to continue to protect METRO customers, employees, suppliers and systems and to liaise with the relevant authorities are ongoing.

Status 28 August 2023

Affected Party Information on IT Security Incident

As previously communicated, METRO became a victim of a cyber attack on 17 October 2022. Within this attack, the attackers had also extracted personal data of employees working at specific METRO locations as well as of former employees and applicants from METRO systems and published it in the darknet, i.e. an anonymous part of the Internet accessible only with special tools.

We have already informed you about the stolen and published data, based on the state of knowledge at that time, in a report dated 10 November 2022 (see below).

As already announced, we have carefully examined the data tapped by the attacker. The intention was to determine whether it also contained personal data from you. If we were able to identify you and if particularly sensitive data was tapped, we have contacted you personally or will contact you personally.

Based on the analyses we have conducted, in particular the following data categories are affected:

  • Application data
  • Personal data of (former) employees, including
    • Contact data,
    • Telephone lists,
    • Birthday lists,
    • Vacation and absence lists, and
    • Shift and deployment plans.

In rare individual cases, pictures or photographs were also tapped.

Based on our analyses, the following companies are particularly affected: METRO AG, METRO Advertising GmbH, METRO Campus Services GmbH, METRO Deutschland GmbH, METRO Digital GmbH, METRO Group Insurance Broker GmbH, METRO Logistics Germany GmbH, METRO Properties Holding GmbH, Hospitality Digital GmbH, Hospitality Services Germany GmbH, METRO Properties GmbH & Co KG and METRO Global Solution Center Limited in Pune, India.

Unfortunately, we cannot exclude the possibility that the above mentioned data categories could be used for identity theft. For example, third parties could attempt to place orders or enter into other contracts in your name.

In addition, this data could be used to attempt to gain access to online accounts by answering typical security questions (e.g. Where were you born? What is your birth name?). For this reason, we recommend special attention.

We recommend that you continue checking private mail and e-mails particularly carefully. If one receives invoices, contract confirmations or other letters relating to orders or contracts that were not initiated, we recommend contacting the respective sender immediately. If you suspect identity theft, file a criminal complaint and follow the recommendations of the Federal Office for Information Security.

In particular, we recommend checking not only the passwords but also the security questions for online accounts and changing them if necessary. It is recommended to check whether any settings have been changed on the online account, for example other e-mail addresses, telephone numbers or message forwarding.

We highly suggest not to open or forward suspicious emails or messages received via messenger services (e.g. WhatsApp). In general, we recommend being wary of unsolicited, unverified, or unexpected messages that ask for personal information or direct to a website that asks for personal information. Avoid responding to suspicious email addresses or messenger services (e.g. WhatsApp), clicking on links or downloading attachments.

If you have any questions, please contact our data protection officer at datenschutz@metro.de.

The security of personal data is a top priority for METRO. We sincerely regret that, despite METRO's high security precautions, data was accessed and published by unauthorised persons during this attack.

We take this incident very seriously and have taken additional security measures. All our efforts have a clear goal: we are doing everything possible to prevent such attacks in the future.

Status 2022

Status 23 November 2022

Current information on the latest IT security incident

As previously communicated, METRO became a victim of a cyber attack on 17 October 2022. During the ongoing work to fully restore the IT infrastructure, we again detected suspicious activities and identified malware. We have therefore decided to shut down individual systems again as a precautionary measure in order to analyse the extent of the activities and limit the damage as best as possible.

Unfortunately, this may mean that technical services are not available or not available in the usual quality. The METRO stores and websites are still in operation and available for you. However, there may be isolated interruptions or delays. We apologize for any inconvenience caused.


Status 10 November 2022

Affected party information on the most recent IT security incident

On 17 October 2022, METRO fell victim to a cyber attack. This initially led to a partial failure of the IT infrastructure in several technical services. While METRO stores and websites are operating, and services are regularly available some delays may still occur.

On 8 November 2022 METRO became aware that the attacker had also extracted and published personal data of employees working at specific METRO locations as well as former employees and applicants from METRO systems.

According to current knowledge, in particular the following categories of data are affected:

  • Application data
  • Personal data of (former) employees, including
    • Telephone lists
    • Birthday lists
    • Vacation and absence lists
    • Shift and deployment plans

The publication took place in the darknet, i.e. an anonymous part of the Internet accessible only with special tools.

At this stage, we cannot yet determine in detail which data from which METRO companies and which specific individuals are affected by the publication. We must currently assume that at least in particular the following companies on the METRO Campus in Düsseldorf and outside of it are affected: METRO AG, METRO Advertising GmbH, METRO Campus Services GmbH, METRO Deutschland GmbH, METRO Digital GmbH, METRO Group Insurance Broker GmbH, METRO Logistics Germany GmbH, METRO Properties Holding GmbH, Hospitality Digital GmbH, Hospitality Services Germany GmbH, METRO Properties GmbH &Co KG and METRO Global Solution Center Limited in Pune, India.

We must currently assume that the attacker has published personal data of employees, applicants and former employees that could be used for identity theft. For example, third parties could attempt to place orders or enter into other contracts in your name.

In addition, this data could be used to attempt to gain access to online accounts by answering typical security questions with personal data (e.g. Where were you born? What is your birth name?).
We work closely with external specialists, law enforcement agencies, data protection authorities and the German Federal Office for Information Security to clarify the incident and identify measures to limit the dissemination of the published data as far as possible.

For the coming days and weeks we recommend special attention.

We recommend checking private mail and e-mails particularly carefully. If one receives invoices, contract confirmations or other letters relating to orders or contracts that were not initiated, we recommend contacting the respective sender immediately. If you suspect identity theft, file a criminal complaint and follow the recommendations of the Federal Office for Information Security.

In particular, we recommend checking not only the passwords, but also the security questions for online accounts and changing them if necessary. It is recommended to check whether any settings have been changed on the online account, for example other e-mail addresses or telephone numbers or message forwarding.

We highly suggest not to open or forward suspicious emails or messages received via messenger services (e.g. WhatsApp). In general, we recommend being wary of unsolicited, unverified, or unexpected messages that ask for personal information or direct to a website that asks for personal information. Avoid responding to suspicious email addresses or messenger services (e.g. WhatsApp), clicking on links or downloading attachments.

If you have any questions, please contact the data protection officer or data protection coordinator of the respective METRO company, whose contact details are: datenschutz@metro.de.

The security of personal data is a top priority for METRO. We sincerely regret that, despite METRO's high security precautions, data was accessed and published by unauthorized persons during this attack.

We take this incident very seriously and have started to intensively review our security protocols and take additional security measures. All these efforts have a clear goal: We are doing everything possible to prevent such attacks in the future.


Status 08 November 2022

Update on recent IT security incident

As announced on 20 October, METRO has become the victim of a cyber-attack that has led to a partial outage of METRO's IT systems. Since then, our IT departments have been working flat out to fully restore the IT infrastructure and related operational customer services. METRO has already made significant progress in this regard. While METRO stores and websites are operating, and services are regularly available some delays may still occur. In addition, as part of the comprehensive analysis of the IT infrastructure outage METRO is closely monitoring any potential publication of data that may have been retrieved during the cyber-attack on our systems.

Yesterday night, regrettably we have identified that METRO has been named by the attacker on their public list of recent targets and few documents allegedly from our servers have been published. It is possible that further data relating to METRO will be published at a later date. We will continue to monitor for any potentially published data and provide updates as required. If there are any critical findings during the analysis of the data, we will inform affected persons and organisations immediately. METRO AG has notified all relevant authorities and the affected subjects about the incident and will, of course, cooperate with them in any way possible.


Status 26 October 2022

Update on recent IT security incident

As announced on 20 October, METRO has become the victim of a cyber-attack that has led to a partial outage of METRO's IT systems. Since then, our IT departments have been working flat out to fully restore the IT infrastructure and related operational customer services. METRO has already made significant progress in this regard. At the same time, Corporate Security and METRO Digital, supported by external forensic experts, profoundly analysed the cyber-attack.

In the course of these investigations, we have now come to the conclusion that despite our extensive security measures, we must assume that the attacker not only encrypted but also gained access to organizational data of METRO employees such as names or business phone numbers.

We have informed our employees about this and we have provided safety advice on how each individual can protect themselves through targeted measures. To date, we have no reason to believe that the attacker had access to customer or supplier data.

METRO immediately informed the data protection authorities about the data access and is in regular and close exchange with all investigating authorities. We will of course continue to monitor and analyse the situation and provide updates as soon as we have new relevant findings.

We sincerely apologize to our employees, customers and business partners for the inconvenience caused by the cyber-attack and ask for their understanding.


Status 20 October 2022

METRO/MAKRO is currently experiencing a partial IT infrastructure outage of several technical services. METRO’s IT team has immediately started a thorough investigation together with external experts to identify the cause of the interruption of services. The latest results of the analysis confirmed a cyberattack on the METRO systems as the cause of the IT infrastructure outage. METRO AG has notified all relevant authorities about the incident and will, of course, cooperate with them in any way possible.

While METRO stores are operating, and services are regularly available disruptions and delays may occur. Store teams have quickly set up offline systems to process payments. Online orders through the web app and online store are being processed but delays need to be expected, as well.

We will continue intensive analysis and monitoring and provide updates as required.
METRO sincerely apologizes for any inconvenience the incident is causing for any of its customers and business partners.

Facts and Figures

€30.6billion sales

 

Status: 30 September 2023

over 89,000employees
worldwide

Status: 31 March 2024

624stores

in 21 countries

Status: 31 March 2024

611locations

for food service distribution (FSD)

Status: 31 March 2024

Contacts

Media Contacts

Are you an editor, freelance journalist or media specialist? Find your contact person for press-related enquiries here.

Investor Contacts

Please contact our Investor Relations team if you have any questions relating to METRO shares.

MPULSE

MPULSE is METRO’s online magazine – featuring exciting topics from the wholesale industry and our customers, independent entrepreneurs. At MPULSE.de we report on what motivates our customers, employees, partners and suppliers – and what we do for others. Our magazine informs, entertains, investigates, and provides insights into our business and that of our customers. And it tells small and big stories about products, ideas and people who make sure our business never stands still.

Social Media

MPULSE on Instagram


MPULSE on YouTube


METRO AG on YouTube


Visit METRO also on


All related social media channels sorted by company and country:



In accordance with our view on integration and inclusion, we advocate a gender-sensitive understanding of language. For the sole purpose of better readability, we in some cases do not use gender-neutral terms or overtly inclusive multi-gender descriptions. When we use the generic masculine form in our corporate media and our social media channels, this is done solely for reasons of the comprehensibility and readability of the text. In all cases, this form includes all genders equally.