NonStop Insider


Data Breach at German Supermarket Chain tegut




The German supermarket chain “tegut” was recently the target of a cyberattack (source in German) and on April 24 the company activated emergency procedures that shut down their entire central IT network and disconnected it from the internet. While done to limit the exposure of sensitive data, these measures also had side effects including gaps in their supply chain and other services that lasted for weeks. Despite these mitigation efforts, the attackers have already begun to publish company and customer data on the dark web.

Tegut is a Swiss-owned supermarket chain that operates about 280 stores across central and southern Germany. They have had an annual turnover of over 1 billion EUR every year since 2017.

What kind of data was affected?

According to a press release from May 27, the attackers began publishing answers that customers had given to market research surveys, primarily those who were members of their customer rewards program “GuteKarte”. The leaks also included personal data, including home addresses, email addresses, and telephone numbers.

A week before that, it was announced that company data had been published online. According to the press release from May 18, it could not be ruled out that the affected company data included personal data of employees.

What services were affected during the shutdown?

Due to the emergency shutdown, customers and employees experienced the following issues:

What motivated the attack?

The company has suggested that the incremental release of the stolen data by attackers is intended to increase “pressure” on them. In the press release following the second publication of stolen data, the company’s CEO commented (translated from German), “we will not reward criminal activity and we will not enter into negotiations with criminals. It is clear to us that the attackers are now increasing the pressure on [our company] and want to provoke uncertainty among our customers, employees, and suppliers in order to assert their demands.” It was not revealed in the press release what those demands are.

How did the company respond?

What can organizations do to mitigate attacks like this?

The number of data breaches continues to rise. According to ENISA’s Threat Landscape 2020, the total number of breaches by midyear 2019 increased by 54% compared to midyear 2018.

Cybercriminals are constantly looking for new ways to breach organizations and are finding ways to extract value from any kind of data they are able to access. While payment card data is often the main focus, hackers will also resort to using personal data from customers to blackmail organizations.

Whether the concern is accidental exposure or external attackers, as in this scenario, the best strategy is to assume that sooner or later, sensitive data at your organization is going to be compromised, one way or the other. That is why the focus shouldn’t solely be on protecting the containers that data is stored in; rather, the data itself should be protected in a data-centric security approach. That way, in the likely event of a breach, attackers will find themselves in a proverbial empty vault full of obfuscated data with no exploitable value.

A data-centric security strategy starts with the assumption that the organization has already been compromised and therefore, whenever possible, sensitive data must be protected throughout the organization wherever live data was formerly used. In many situations, live data can be replaced with operationally and functionally equivalent data elements that still enable operations and analytics, yet have no discernible value to any person who may gain unauthorized access to them. The outcome is that attacks and accidental exposures become more difficult, more detectable, and more manageable than they are with traditional perimeter-based defences, monitoring, and controls.
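The replacement of live values described above can be sketched as follows. This is an added illustration, not part of the original article and not comforte's product code. It uses keyed HMAC pseudonymization as a stand-in technique; the key, field names, and survey rows are constructed assumptions.

```python
import hashlib
import hmac
import string
from collections import Counter

# Constructed demo key (assumption): a real key would sit in a KMS or HSM,
# away from the protected data.
DEMO_KEY = b"constructed-demo-key"
SENSITIVE_FIELDS = ("email", "phone")  # hypothetical field names

def pseudonymize(key: bytes, field: str, value: str) -> str:
    """Swap each ASCII letter for a letter and each digit for a digit.

    The result is deterministic per (key, field, value), so equal inputs
    give equal tokens and counts or joins still work. It is one-way and can
    collide in principle, so it is not format-preserving encryption.
    """
    mac = hmac.new(key, f"{field}\x00{value}".encode(), hashlib.sha256).digest()
    stream = hashlib.shake_256(mac).digest(len(value))  # one byte per character
    out = []
    for ch, b in zip(value, stream):
        if ch in string.ascii_lowercase:
            out.append(string.ascii_lowercase[b % 26])
        elif ch in string.ascii_uppercase:
            out.append(string.ascii_uppercase[b % 26])
        elif ch in string.digits:
            out.append(string.digits[b % 10])
        else:
            out.append(ch)  # '@', '.', '+', spaces kept; so are non-ASCII letters
    return "".join(out)

def protect_record(key: bytes, record: dict) -> dict:
    """Return a copy of the record with sensitive fields replaced by tokens."""
    return {k: pseudonymize(key, k, v) if k in SENSITIVE_FIELDS else v
            for k, v in record.items()}

def answers_per_customer(records: list) -> list:
    """Analytics that only needs equality on the identifier, not its value."""
    return sorted(Counter(r["email"] for r in records).values())

# Constructed sample survey rows, not data from the incident.
SURVEY = [
    {"email": "a.muster@example.com", "phone": "+49 661 5550100", "answer": "weekly"},
    {"email": "a.muster@example.com", "phone": "+49 661 5550100", "answer": "organic"},
    {"email": "b.beispiel@example.org", "phone": "+49 561 5550123", "answer": "monthly"},
]
PROTECTED = [protect_record(DEMO_KEY, r) for r in SURVEY]

if __name__ == "__main__":
    print(PROTECTED, answers_per_customer(SURVEY), answers_per_customer(PROTECTED))
```

The per-customer counts come out the same for the raw and the protected rows, while the stored email and phone values no longer identify anyone without the key.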

Want to learn more?

Data-centric security protects the data itself so that even in the event of a breach, no exploitable data is exposed. There are many cases where processes can be carried out on data while it’s still in a protected state, allowing digital organizations to continue humming along while keeping sensitive data safe. To learn more, check out our data protection platform solution brief:

Download Solution Brief