Delivery firm Yodel disrupted by cyber attack

Delivery van with Yodel logo photographed through a shop door frame
(Image credit: Getty Images)

UK delivery and logistics company Yodel has confirmed that it has been the victim of a cyber attack which has impacted its services.

Online delivery tracking is currently down and the company’s customer service helpline also appears to be down for “maintenance”. Yodel’s website remains online at the time of writing.

Yodel confirmed to IT Pro that it had suffered an attack but did not confirm any other information.

The full nature of the attack is still unclear, including whether customer data has been compromised, when the attack occurred, and how long it will take the company to recover.

However, according to prominent cyber security expert Kevin Beaumont, the attack is rumoured to include a ransomware element.

The information was made public after the company privately messaged eBay sellers confirming the attack in a ‘confidential’ note.

Yodel is currently working towards recovering its systems but it anticipates “some immediate delays in fulfilling some of [its] deliveries”, said the message to eBay sellers.

“Yodel has experienced a cyber incident that has caused some disruption,” said Yodel in a statement given to IT Pro. “We are servicing customers but tracking is currently impacted.

RELATED RESOURCE

The state of brand protection 2021

A new front opens up in the war for brand safety

FREE DOWNLOAD

“As soon as we detected the incident, we launched an investigation, led by our internal IT division and supported by an external IT forensics group. We are working to restore tracking as quickly as we can and have engaged with all relevant authorities.

“Yodel would like to sincerely apologise to their clients and their customers for any disruption this incident may have caused, and reassure them that the team are working around the clock to resolve this incident.”

The company said it has engaged with the Information Commissioner’s Office (ICO), National Crime Agency (NCA), and the National Cyber Security Centre (NCSC), in addition to hiring outside digital forensics experts.

Social media users have complained about the company’s lack of transparency about the incident, leaving many ‘in the dark’ over missing deliveries. The majority of complaints relate to being unable to track expected parcels.

Connor Jones
Contributor

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.