Sobeys parent says total impact of cyber attack could be over $54 million

Share post:

The parent company of the Canadian Sobey’s and FreshCo supermarket chains says the direct and indirect costs from last year’s cyber attack could add up to over $54 million, not including insurance payments.

Empire estimates, based on available information, that the final impact on net earnings over fiscal 2023 and fiscal 2024 will be approximately $32 million, net of estimated insurance recoveries.

The numbers are included in the latest quarterly results issued today by Empire Co.

Direct impact of the November attack on the company’s net earnings are estimated at $39 million after an unspecified amount of insurance payments are received. In addition, the estimated cost of related sales and impacts such as the temporary loss of advanced planning, promotion, and fresh item management tools, temporary closures of pharmacies and customers’ inability to redeem gift cards and loyalty points is $15 million.

To put that in perspective, IBM estimated the average cost of a data breach to a Canadian organization was $7 million.

The quarterly report refers to the attack as a cyber incident, although Bleeping Computer says evidence suggests the company was hit by the BlackBasta ransomware gang.

“Empire is in the process of working with its insurance providers to make claims under its policies,” the quarterly financial report says in part. “Due to the complexity of the cyber insurance coverage and related claims, there will be a time lag between the initial incurrence of costs and the recognition of insurance proceeds. While the impact of the cybersecurity event is substantially behind the company, management expects that there will be some additional costs incurred after the third quarter of fiscal 2023.”

What the financials call the “cybersecurity event adjustment” — the $39.1 million — includes the impact of incremental direct costs such as hardware and software restoration costs, legal and professional fees labour costs and inventory shrink.

“Management believes that the cybersecurity event adjustment results in a useful economic representation of the underlying business on a comparative basis,” the report says. “The adjustment does not include management’s estimate of the full financial impact of the cybersecurity event, as it excludes the net earnings impacts related to the estimated decline in sales and operational effectiveness from impacts such as the temporary loss of advanced planning, promotion and fresh item management tools, the temporary closure of pharmacies, and customers’ temporary inability to redeem gift cards and loyalty points.” That would be the estimated $15 million.

The post Sobeys parent says total impact of cyber attack could be over $54 million first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

Hackers Plant False Memories in ChatGPT to Steal User Data

A security researcher has uncovered a vulnerability in ChatGPT that could allow hackers to store false information and...

“Octo2” Trojan Targets Bank Accounts by Posing as VPN or Chrome Apps on Android

A new malware variant called “Octo2” is spreading across Android devices by posing as popular apps like NordVPN...

Evilginx – Open source tool can bypass Multi-Factor Authentication (MFA)

Security vendor Abnormal Security is reporting a new cybersecurity tool that is gaining traction among cybercriminals. The tool,...

Kaspersky’s exit from US market frightens some customers

Kaspersky, the Russian cybersecurity firm, has unexpectedly removed its antivirus software from U.S. customers' computers, replacing it with...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways