Cosmetics company Avon offline after cyber attack

Parts of the UK website of Brazilian-owned cosmetics and beauty company Avon remain offline more than a week after an alleged ransomware attack on its IT systems.

The attack is understood to have impacted the back-end systems used by its famous sales representatives in multiple countries besides the UK, including Poland and Romania, which are now back online. This has left people unable to place orders with the company.

Avon disclosed the breach in a notification to the US Securities and Exchange Commission (SEC) on 9 June 2020, saying it had suffered a “cyber incident” in its IT environment that had interrupted systems and affected operations.

In a follow-up disclosure on 12 June, Avon said: “Avon … after suffering the cyber incident communicated on 9 June, 2020, is planning to restart some of its affected systems in the impacted markets throughout the course of next week.

“Avon is continuing the investigation to determine the extent of the incident, including potential compromised personal data. Nevertheless, at this point it does not anticipate that credit card details were likely affected, as its main e-commerce website does not store that information.”

In a statement circulated to the Northampton Echo ­­– Avon’s UK operations are based in the town – the firm’s CEO, Angela Cretu, said the attack had only partially affected operations, and that the firm had now launched an investigation, engaged security forensics teams, and alerted law enforcement.

Cretu said Avon’s teams were working around the clock to re-establish the affected systems, and that if the company did confirm any activity affecting customer or representative data, those people would be notified and supported.

She added: “The security and confidentiality of our customers’ information is of critical importance to us and a responsibility we take extremely seriously.”

Although further details of the attack are not forthcoming, some early reporting has established that it may have been carried out by the cyber criminal organisation behind the DoppelPaymer ransomware strain – although this has yet to be confirmed by the group itself, which, like some of its peers, maintains a website where it leaks details of organisations it has attacked.

“At first blush, this appears to be another cyber attack by hackers that are holding Avon systems for ransom,” said Pixel Privacy’s Chris Hauk. “If this does turn out to have been a ransomware attack, it underscores the need for companies like Avon to educate their employees and executives as to the dangers of clicking links and opening attachments in emails and other communications.

“It should be noted that Avon’s restoration of access to the cosmetic firm’s Poland and Romania back-ends indicates that the company did have backups of its data, which it is using to restore services. Companies should always have recent backups of their data, which is kept separate from their day-to-day systems.”

Computer Weekly contacted Avon for further details, but had received no response at the time of writing.