Lumber Liquidators revealed that a malware infection on its systems compromised neither its employees' nor its consumers' sensitive data.
On 27 August, the American hardwood flooring retailer said all but a very small number of stores had regained the ability to process transactions normally using their point-of-sale (POS) systems following a network security incident. The company first discovered the event on 21 August when its network and computer systems began to exhibit symptoms indicative of a malware attack. These issues subsequently disabled certain corporate and store systems across the United States. In response, Lumber Liquidators mobilized its IT team to investigate the incident and lead the remediation process. This team's efforts failed to uncover evidence of the infection having affected employees' or consumers' sensitive or confidential information. The retailer went on to note that it stores the vast majority of this data on systems external to its network. Dennis Knowles, President and Chief Executive Officer, said that the company has been working with its digital insurance carrier throughout the incident. He also clarified that the IT team's investigation into this attack remains ongoing. As quoted in a statement shared by Yahoo Finance:
Our diligent work over the past several years to develop system redundancies and business continuity plans paid dividends that were made apparent in our ability to remain open while working to restore our systems. We used manual workarounds to facilitate transactions and brought in outside resources to help ensure we returned to normal operations as soon as possible....
Knowles concluded by thanking customers for their patience as the company transitions into a period of broader recovery efforts and forensic analysis.
The incident at Lumber Liquidators underscores the importance of organizations taking steps to protect themselves against a malware infection. One of the best ways they can do this is by advancing in malware detection tool capable of spotting known malware signatures and behavior indicative of zero-day threats. Learn how Tripwire can help.