Ukraine's biggest home improvement chain, has confirmed a major cyberattack that disrupted operations across dozens of stores, disabled sales systems, and caused widespread logistical issues.
The incident occurred on Monday, leaving customers unable to complete purchases or access online services including the company's app and website. In a statement issued Tuesday, Epicentr described the event as a "deliberate attack by malicious actors" that severely impacted its IT infrastructure.
Although the retailer did not identify the perpetrators or specify the attack method, the consequences have been significant. Some stores resumed operations by Tuesday, but critical systems, including accounting software, remain affected. The company revealed that essential financial data and registries were missing, hindering the production of tax and financial reports.
The attack also disrupted order fulfilment, with Epicentr warning of delivery delays, issues with parcel tracking, and limitations at pickup points. With more than 70 shopping centres and 29,000 employees, Epicentr is one of Ukraine's largest private companies.
This incident is part of a broader trend of cyberattacks targeting Ukrainian infrastructure amid the ongoing conflict with Russia. Earlier this year, agribusiness giant MHP and state rail operator Ukrzaliznytsia were also hit by major cyber incidents. Additionally, Epicentr and Ukrzaliznytsia have suffered repeated missile strikes since the Russian invasion began.
Ukraine's digital infrastructure has come under sustained pressure, with past attacks affecting telecoms, state registries, and data centres serving key public and private sectors.
Cybersecurity experts warn that large retailers globally remain prime targets for cybercriminals. For example, the UK's Marks & Spencer recently faced a prolonged cyber incident, further highlighting the risks to major commercial networks worldwide.
Source: www.therecord.media