Sobeys parent says total impact of cyber attack could be over $54 million

Share post:

The parent company of the Canadian Sobey’s and FreshCo supermarket chains says the direct and indirect costs from last year’s cyber attack could add up to over $54 million, not including insurance payments.

Empire estimates, based on available information, that the final impact on net earnings over fiscal 2023 and fiscal 2024 will be approximately $32 million, net of estimated insurance recoveries.

The numbers are included in the latest quarterly results issued today by Empire Co.

Direct impact of the November attack on the company’s net earnings are estimated at $39 million after an unspecified amount of insurance payments are received. In addition, the estimated cost of related sales and impacts such as the temporary loss of advanced planning, promotion, and fresh item management tools, temporary closures of pharmacies and customers’ inability to redeem gift cards and loyalty points is $15 million.

To put that in perspective, IBM estimated the average cost of a data breach to a Canadian organization was $7 million.

The quarterly report refers to the attack as a cyber incident, although Bleeping Computer says evidence suggests the company was hit by the BlackBasta ransomware gang.

“Empire is in the process of working with its insurance providers to make claims under its policies,” the quarterly financial report says in part. “Due to the complexity of the cyber insurance coverage and related claims, there will be a time lag between the initial incurrence of costs and the recognition of insurance proceeds. While the impact of the cybersecurity event is substantially behind the company, management expects that there will be some additional costs incurred after the third quarter of fiscal 2023.”

What the financials call the “cybersecurity event adjustment” — the $39.1 million — includes the impact of incremental direct costs such as hardware and software restoration costs, legal and professional fees labour costs and inventory shrink.

“Management believes that the cybersecurity event adjustment results in a useful economic representation of the underlying business on a comparative basis,” the report says. “The adjustment does not include management’s estimate of the full financial impact of the cybersecurity event, as it excludes the net earnings impacts related to the estimated decline in sales and operational effectiveness from impacts such as the temporary loss of advanced planning, promotion and fresh item management tools, the temporary closure of pharmacies, and customers’ temporary inability to redeem gift cards and loyalty points.” That would be the estimated $15 million.

The post Sobeys parent says total impact of cyber attack could be over $54 million first appeared on IT World Canada.
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.


Related articles

Microsoft announces enhanced security feature for OneNote

Microsoft has released further information on the increased security measures it is deploying for OneNote in order to...

Russian hacker group steals Emails of NATO officials and diplomats

Since February 2023, a Russian hacking gang known as TA473 or 'Winter Vivern' has targeted unpatched Zimbra endpoints...

Canadian cybersecurity accelerator counts its accomplishments

A Canadian university-associated business accelerator for helping early-stage cybersecurity companies says its first two years of operation have been more than satisfactory. The Rogers Cybersecure Catalyst Accelerator has had “an incredible impact” on Canadian cybersecurity entrepreneurs and founders, executive director Charles Finlay said this week in the first report on the program’s progress. Despite having

Crackdown on ransomware gangs yet to show an impact: OpenText

In its annual cybersecurity report OpenText also looked at malware, phishing and infec

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways