Company Still Recovering From March 1 Attack, SEC Filing Notes
The ODP Corp. reports it has suffered a loss of about $28 million due to a March 1 cyber incident at its business services and supplies subsidiary, CompuCom, that forced the company to shut down some of its operations.
ODP, which also operates the office supply retailer Office Depot, noted the loss in a Securities and Exchange Commission 8-K filing on March 26. It did not describe the type of cyber incident that took place or the malware involved, other than to say that CompuCom’s systems were affected and had still not recovered from the attack.
“The company estimates the loss of revenue to be between $5 million and $8 million as a result of the incident (primarily because of CompuCom’s need to temporarily suspend certain services to certain customers),” ODP says.
ODP estimates that recovery costs will total $20 million. It will pay for expenses related to CompuCom’s efforts to restore service delivery to affected customers and “to address certain other matters resulting from the incident,” according to the SEC filing.
ODP does not believe the attack exposed any customer information, the company notes.
A company spokesperson declined to elaborate further on the type of attack or how the company responded.
In a separate SEC Schedule TO filing, ODP reported its office supply competitor Staples is investigating the purchase of some, but not all, of ODP’s assets.
The malware attack did not affect all of CompuCom’s operations, and the company was able to deliver services to some of its customers throughout March, ODP says. Most of its systems were back online by March 17.
“The company expects that CompuCom will have service delivery restored to substantially all of its customers by the end of March 2021,” ODP says. “As a part of the restoration efforts, CompuCom has taken actions to efficiently and securely restore service delivery to its customers while hardening its systems with enhanced security measures and advanced anti-malware agents.”
The recovery process has included boosting the company’s cybersecurity protections and implementing what it calls advanced anti-malware agents.
Recent Cyber Incidents
Several other high-profile companies suffered cyber incidents in March.
Insurer CNA reported that on March 23 it was victimized by a malware incident that caused a network disruption and affected certain systems, including corporate email.
Canadian IoT device manufacturer Sierra Wireless reported on March 23 that it had suffered a ransomware attack over the weekend, forcing it to halt production.