Lumber Liquidators hit by malware attack that took down its network

Lumber Liquidators, a leading specialty retailer of hard-surface flooring in North America, announced that a malware attack took down its network.

North American hard-surface flooring retailer Lumber Liquidators revealed that it was victim of a security incident, a malware-based attack took down part of its network for nearly a week.

Lumber Liquidators has 416 locations in North America, it features more than 400 varieties of floors in the latest styles, including solid and engineered hardwood, bamboo, cork, laminate, waterproof vinyl plank and porcelain tile flooring. Additionally, Lumber Liquidators provides a wide selection of flooring enhancements and accessories to complement, install and maintain new floors.

The attack was discovered on August 21, when experts noticed indicators of infection in the network and computer systems of the company.

Lumber Liquidators immediately started the incident response procedure and begun the remediation operations, internal staff alongside external experts are investigating into the security breach.

“The Company first discovered the incident at approximately 9:15 am on Wednesday, August 21, 2019, when its network and computer systems began to manifest symptoms of malware that ultimately disabled certain corporate and store systems nationwide.” states the company. “The Company took immediate action to contain the incident and, within hours, the information technology team had mobilized to diagnose and begin remediation processes, including securing outside expertise to help ensure the Company could return to normal operations as soon as possible.”

The operations were restored on Tuesday, August 27, 2019, with very few exceptions. The company announced that the PoS network connecting the stores regained the ability to transact.

At the time of writing, the company hasn’t found evidence that suggests any possible compromise of sensitive and confidential consumer or employee data.

Lumber Liquidators confirmed that customer and employee data, including financial information, are stored on systems outside of its network that is protected with additional security measures.

The company did not provide technical details about the attack such as the type of malware that infected its systems.

“Our first priority has been to continue to serve our customers and aid our store employees in that effort,” commented Dennis Knowles, President and Chief Executive Officer. “I would like to thank the many employees who exhibited ingenuity and made personal sacrifices to ensure our customers’ needs were met.”

The Company will provide periodic updates as appropriate or required.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Lumber Liquidators, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.