Services for the U.K.-based Yodel delivery service company have been disrupted due to a cyberattack that caused delays in parcel distribution and tracking orders online.
The company has not published any details about the incident, such as when it occurred or its nature but implies that customer payment information has not been affected since it is neither stored on its systems nor processed by them.
Yodel services down for days
According to customers waiting package delivery, Yodel’s tracking and customer services went down over the weekend, some of them claiming that they’ve had no information on packages for at least four days.
Cybersecurity researcher Kevin Beaumont today said that there are rumors about Yodel being hit by a ransomware attack, a plausible theory considering that these threat actors typically avoid to encrypt victim computers on weekdays, when the process is more likely to be discovered.
It appears that Yodel initially informed eBay sellers of the cyberattack in private messages, saying that it was “working through the nature and full impact of the cyber incident.”
The company said that it was working to get its systems back online with support from a qualified external party.
Yodel later displayed a public statement on its website confirming that the service disruption was due to a cyber incident and informing users that “parcels may arrive later than expected.”
In a larger post about the incident, Yodel advises its clients to avoid responding to unsolicited communications asking for personal information or referring to web pages that require such details.
“Avoid responding to, clicking on links, or downloading attachments from suspicious email addresses. If you are asked for personal information by someone purporting to be Yodel employee, please let us know immediately” - Yodel
BleepingComputer has reached out for the company with questions about the cyberattack and is waiting for a reply from the company.