IN SPORT, a NSW-based retailer, had its head office server and computers ransomwared last week and is unsure exactly what files the attackers accessed.
The company said in a letter to customers that the attack was detected on Saturday May 16.
“On discovering the virus, IN SPORT immediately took its head office system offline,” it said.
The retailer said its online systems - which run on Shopify - were unaffected.
Its retail stores were also able to continue to operate because each runs systems independently of the others.
The company brought in external IT and security specialists “to isolate and rebuild our head office system”, and said that work was completed on Wednesday last week.
While it was able to restore from backup, IN SPORT said it was “uncertain what files the virus has accessed”.
It urged customers to be on alert for “unusual emails or activity regarding their personal information”, though it said it did not hold credit card information or customer passwords.
“The information that may be taken includes email addresses, shipping address, and phone numbers,” it said.
A cache of documents purported to be from IN SPORT were published to the dark web early last week by the attackers, after appearing to be unable to secure a ransom.
The attackers used the REvil/Sodinokibi ransomware, which exploits a 2018 elevation of privilege vulnerability in Windows.
The ransomware is able to wipe the contents of folders, encrypt data and “exfiltrate basic host information”, according to SecureWorks.
An IN SPORT spokesperson declined to comment further on the attack when reached by iTnews.
“We sent an email to all our email contacts and customers potentially affected by the incident last week,” the spokesperson said.
“We have no further comment to add than what has already been stated.”