Ace holed: Hardware store empire felled by cyberattack

Ace Hardware appears to have been the latest organization to succumb to a cyberattack, judging by its website and a message from CEO John Venhuizen.

The site today warns that the retailer-owned cooperative is unable to process online orders. A memo from Venhuizen indicates the problem is serious.

In a note sent to Ace retailers this week, Venhuizen said: "On Sunday morning, we detected a cybersecurity incident that is impacting the majority of our IT systems. As a result of this incident, many of our key operating systems, including ACENET, our Warehouse Management Systems, the Ace Retailer Mobile Assistant (ARMA), Hot Sheets, Invoices, Ace Rewards and the Care Center’s phone system, have been interrupted or suspended."

At the time of writing, Ace had not responded to The Register's request for further information. Judging by commentary on social media, things are not going well inside. Netizens claiming to work at the multibillion-dollar org's warehouses have reported being sent home, and others fear they won't be paid on time.

The most recent updates seen by The Register warn that no deliveries will be made today, October 31, and that Ace Hardware is unable to receive orders from its retailers. Those stores should, however, remain open, and the organization noted there was no known impact to either in-store payment systems or credit card processing.

In other words, it appears you can buy stuff in stock from an Ace shop in person but if you need to use Ace corporate, to place an order or use some other service, you'll be out of luck.

• Cybersecurity snafu sends British Library back to the Dark Ages
• 'How not to hire a North Korean plant posing as a techie' guide updated by US and South Korean authorities
• CISOs' salary growth slows – with pay gap widening
• Forget the outside hacker, the bigger threat is inside by the coffee machine

Ace Hardware has yet to clarify the type of attack it has suffered, only that it is working to restore systems and operations and has had to call in some digital forensic experts to help out.

"Your Ace team, along with the support of a group of technical forensic experts, is working feverishly to resolve this situation," the CEO added to his retailers. "Nothing is more important than restoring all operations as soon as humanly possible. As we are dealing with a fast moving, dynamic situation, details will be changing rapidly."

There are a whole bunch of vulnerabilities out there that could have been exploited to take down the org's IT; Citrix users were urged to patch a critical Netscaler bug last week. We note MGM Resorts admitted that September's cyberattack had likely cost the entertainment giant $100 million.

Ace Hardware Corporation is described as the world's largest retailer-owned hardware cooperative, and is headquartered in Illinois, USA. The biz sells tools and other things you'll need for DIY, and says it has more than 5,000 stores worldwide, most of which are independently owned and operated.

The company has seen a decrease in its revenues recently and reported $2.1 billion for the first quarter of 2023, a decrease of 5.8 per cent compared to the same time in the previous year.

It was also ranked the 6th most trusted retailer in the US according to Newsweek's Most Trusted Companies in America. ®