Separate incidents with Nisa and Bestway’s computer systems have led to personal retailer data being leaked online and the temporary closure of cash and carries nationwide.
The incidents follow a series of previous data leaks, with claims that an unnamed major wholesaler was held to ransom last year by hackers.
Commenting on the convenience wholesale industry’s attitude to data security overall, one security expert told betterRetailing it “would not be surprising” to find the sector storing information on outdated systems that do not support the most recent security software.
Last month, the emails and IP addresses of what was claimed to be thousands of Nisa store owners and employees were leaked on the wholesaler’s internal retailer site.
betterRetailing understands the data was listed on a page with Co-op branding.
A Nisa retailer, who asked not to be named, said: “A company like Nisa shouldn’t have allowed the details of everyone to be seen like that. It makes you ask how safe our data is if the information was leaked a few clicks away from the main page.”
When the issue was raised to the symbol group by retailers, Nisa said it had resolved the issue.
In a message sent by the wholesaler and seen by betterRetailing, it said: “Thanks once again for bringing this issue to our attention. We are pleased to inform you it has now been resolved with improvement action.
“You can be assured Nisa and Co-op take the security of data very seriously and make every effort to ensure any incidents are kept to a minimum while at the same time managing any associated impact for the business or partners.”
When asked to comment on the issue by betterRetailing, a Nisa spokesperson confirmed there was a data leak internally, but did not state the cause. They said: “There was no external data leak [to the public] at any point. Nisa takes the security of its data extremely seriously and we were pleased this year to receive the Cyber Essentials Certification from the National Cyber Security Centre, to add to the Cyber Essentials Plus accreditation.”
betterRetailing understands there was an incident last year where cyber criminals hacked a Nisa employee’s email and sent fraudulent communications to partners.
A Bestway spokesperson confirmed an “IT incident” in a separate issue on 30 January had caused disruption to trading nationwide.
Bestway customers were unable to use the cash and carries during the day as the issue stopped them from making payments at the tills. The issue had no effect on Bestway’s delivered wholesale or customer support services.
The wholesaler’s spokesperson said the company was able to restore systems and resume trading the following day.