Ukraine's largest home improvement retailer disrupted by cyberattack

Ukraine’s largest home improvement retailer, Epicentr, said it had fallen victim to a large-scale cyberattack that disrupted operations at dozens of its stores across the country and crippled key IT systems, including sales registers and logistics services.

On Monday, customers at Epicentr stores across Ukraine cities couldn’t make purchases because the checkout systems were down. Many also said they couldn’t get their orders delivered or access the company’s app and website.

In a statement on Tuesday, Epicentr, which operates more than 70 shopping centers spanning more than 2.2 million square meters, confirmed it had suffered a targeted attack.

“A deliberate attack by malicious actors has had serious consequences for the company’s infrastructure,” the statement said.

The retailer did not attribute the incident to any specific group, and it remains unclear how hackers infiltrated its systems or what their ultimate objective was. The company has not confirmed whether ransomware was used in the attack.

While most stores had resumed operations by Tuesday afternoon, some continued to experience disruptions. Epicentr also acknowledged ongoing issues with its accounting systems, noting that vital financial records and registries were missing. As a result, the company said it is currently unable to generate required financial and tax reports.

Epicentr also warned of potential delays in delivering goods, especially for online orders, and said customers may experience problems with parcel tracking and pickup services at its shopping centers. Epicentr employs 29 000 people and is one of the largest private companies in Ukraine.

Ukrainian companies remain targets

This marks the third major cyberattack on a Ukrainian company in recent months. In January, the country’s leading agribusiness firm MHP reported “the most severe” cyber incident in its history, though it did not name the group responsible. In March, suspected Russian hackers targeted state-owned railway operator Ukrzaliznytsia, disrupting its online ticketing services.

In addition to the recent cyberattacks, Ukrzaliznytsia and Epicentr are also repeatedly targeted by Russian missile strikes. Since the start of the full-scale invasion, Epicentr has lost 10 shopping centers with a combined area of more than 177,500 square meters.

Ukraine has faced a wave of cyberattacks amid its ongoing war with Russia. Last year, the country’s largest telecom provider, Kyivstar, suffered a devastating cyberattack that knocked services offline for days. 

More recently, Ukrainian authorities reported an attack on state registers, including databases containing sensitive biometric, tax, and property data. In January 2024, hackers also disrupted a data center serving several major state-owned entities, the national postal service, and a large energy firm.

Large retailers worldwide are prime targets for malicious hackers. Britain’s Marks & Spencer chain has been responding to a cyberattack for about a week.