Report: Ace Hardware Unable to Accept Online Orders Amid Cyberattack

Ace Hardware is reportedly recovering from a cyberattack that has left it unable to accept online orders.

The news was first reported Sunday (Oct. 29) and has continued into Friday (Nov. 3), Engadget reported Friday.

As of Friday morning, the home page of the home improvement retailer’s website has a banner reading: “We are currently unable to process orders online. Need it now? Visit your local Ace store.”

Ace Hardware did not immediately reply to PYMNTS’ request for comment.

A note said to be from the company and posted on Reddit attributed the outage to “a malicious cyberattack,” according to the Engadget report. It also said that the incident affected warehouse management, invoice and other delivery systems.

An update issued on Monday (Oct. 30) said that in-store payment and service systems were not impacted and urged stores to stay open, the report said.

About one-fifth of the company’s servers and networked devices were impacted by the attack, and about half of those were restored by Thursday, per the report.

Ace Hardware also cautioned retailers to be cautious of spoofed email updates, attempts to remotely access in-store systems and other attempts by cybercriminals to take advantage of the situation, according to the report.

This report comes on the heels of several other reports of cyberattacks.

It was reported on Monday (Oct. 30) that a Russian-speaking hacking group accessed the email addresses of about 630,000 U.S. Federal employees at the Department of Defense and the Department of Justice. The cyberattack happened in May and exploited vulnerabilities in the popular file transfer tool MOVEit.

About three weeks earlier, on Oct. 4, it was reported that a group of hackers known as Scattered Spider were behind a cyberattack on Clorox that resulted in a nationwide shortage of its cleaning products. The attack was first disclosed by Clorox in August and significantly reduced sales and profit for the company in the quarter ended in September.

In a third recent cyberattack, it was reported in September that Caesars Entertainment fell victim to such an attack during the summer and paid a ransom of approximately $15 million to the hackers.