Home improvement retailer Ace Hardware still can’t take online orders as of Friday while it recovers from “a malicous cyberattack.” News of the outage first started circulating on Sunday, after a Reddit user shared a note from CEO John Venhuizen detailing the incident. Ace Hardware has not responded to a request for comment to verify the email, but the website confirms that it is “currently unable to process orders online” and directs customers to make their purchases in-store.
The cyber incident impacted warehouse management, invoice and other delivery systems, according to Venhuizen’s memo. “The impact of this incident is resulting in disruptions to your shipments,” Venhuizen wrote. An update issued on Monday urged stores to stay open, and confirmed there were no known impacts to its in-store payment and service systems.
Out of the company’s 1,400 servers and 3,500 networked devices, 1,202 were impacted by the attack, according to a notice obtained by Bleeping Computer. About half had been restored as of early Thursday morning. “This frustration and all of this effort is the direct result of a malicious cyber attack on Ace,” the update said. “This was perpetuated by criminals. Though they are hiding in this shadows, they are no different than thugs who break into your store attempting to steal your stuff.” The details of the attack, such as who is responsible and how they accessed the systems, hasn’t been confirmed yet.
Ace Hardware also warned retailers to be aware of cybercriminals trying to take advantage of the chaos by spoofing email updates or trying to remotely access in-store systems. Ace Hardware operates on a retailer-owned model, in which store owners form the cooperative of shareholders behind the retail giant. The retailer operates more than 5,800 stores.