Medusa Ransomware Hits Spanish Fashion Giant Tendam

Incident Date: September 7, 2024

Overview

Title: Medusa Ransomware Hits Spanish Fashion Giant Tendam
Victim: Tendam (Grupo Cortefiel)
Attacker: Medusa
Location: Madrid, Spain
First Reported: September 7, 2024

Medusa Ransomware Group Targets Spanish Fashion Giant Tendam

Spanish fashion giant Tendam, the parent company of brands like Cortefiel, Pedro del Hierro, Springfield, and Women'secret, has fallen victim to a ransomware attack by the Medusa hacker group. The attackers claim to have stolen 724.59 GB of confidential data from the company's servers and are demanding a ransom of $800,000 by September 17 to prevent the information from being leaked or sold. The stolen data reportedly includes sensitive business information and could potentially compromise customer data, given Tendam's extensive network of over 1,750 retail locations across 80 countries and its various online platforms.

Company Profile

Established in 1880, Tendam, previously known as Grupo Cortefiel, is a prominent player in the fashion retail sector. The company specializes in managing multiple fashion brands within the premium mass market segment. Tendam operates a diverse portfolio of brands, including Cortefiel, Women’secret, Springfield, and Pedro del Hierro. With more than 1,800 points of sale across nearly 80 countries, Tendam is one of Europe's leading omnichannel groups. The company is also known for its commitment to sustainability and corporate social responsibility.

Attack Overview

The ransomware attack was detected on September 5, 2024, and has raised significant concerns as it coincides with the 50th anniversary of Tendam's premium brand, Pedro del Hierro. The attack has also added uncertainty to the company’s plans for a potential IPO, which were already under review. While Tendam has confirmed the security breach, it assured that normal store operations and communications with third parties have not been affected. The company is currently assessing the full impact of the breach and determining if customer data has been compromised. The incident has been reported to authorities.

Medusa Ransomware Group Profile

Medusa is a ransomware group that emerged in late 2022 and gained notoriety throughout 2023 and into 2024. Operating as a Ransomware-as-a-Service (RaaS) platform, the group allows affiliates to use its ransomware to launch attacks. Medusa has been involved in various high-profile attacks targeting multiple sectors globally, including the education, healthcare, and government sectors. The group's ransomware is designed to kill numerous applications and services to prevent detection and mitigation, and it disables shadow copies to thwart recovery efforts.

Potential Vulnerabilities

Tendam's extensive digital footprint, including its omnichannel platform that integrates both physical stores and e-commerce, makes it a lucrative target for ransomware groups like Medusa. The company's significant international presence and large volume of customer data further increase its vulnerability. The attack on Tendam underscores the growing threat of ransomware to large, multinational corporations and highlights the need for enhanced cybersecurity measures.
