Global retailer 7-Eleven closed all of its stores in Denmark yesterday after a suspected “hacker attack” took out its cash registers and payment systems.

“We suspect that we have been the victim of a hacker attack today,” the company said in a statement on Facebook last night. “We can’t use the cash registers nor accept payments. We are therefore closed until we know the extent” of the attack.

7-Eleven closed all 175 of its stores in Denmark following the incident, although it has since reopened five outlets, according to a statement issued this morning.

A 7-Eleven store in Copenhagen, Denmark.
7-Eleven joins Co-op and Spar in suffering a cyberattack that shut down point-of-sale systems. (Photo by anouchka/iStock)

The company was alerted to the attack when employees reported that its payment systems had shut down, Danish manager Jesper Ostergaard told local TV channel DR. “The cash registers just stopped working in all the stores and the employees started letting us know,” he said. “That has never happened before.”

Details on the nature or source of the attack have yet to emerge.

The incident is the latest in a string of cyberattacks that have disrupted retailers’ point-of-sale systems. Last year, for example, supermarket chain Co-op closed 500 of its stores in Sweden after one such attack.

In January this year, a ransomware attack shut down card payment systems at 600 outlets of Spar in the UK. Ransomware group Vice Society claimed responsibility for the Spar attack.

Kevin Beaumont, head of the SOC at Arcadia and a former threat researcher at Microsoft, observed on Twitter that some of these incidents followed supply chain attacks on the retailers’ managed service providers (MSPs).

The attack on Co-op in Sweden, for example, was traced to an MSP that used software from Kaseya, the US vendor that was compromised in July last year.

In reference to last week’s cyberattack that affected UK medical advice service NHS 111, Andy Norton, European cyber risk officer at cybersecurity vendor Armis, told Tech Monitor that service disruptions are an indication of ransomware attacks.

7-Eleven cyberattack is one of many

The cyberattack on 7-Eleven in Denmark is the second attack the company has suffered so far this month. Last week, TV screens in its Taiwanese stores were reportedly hijacked to broadcast messages telling US speaker Nancy Pelosi to “get out of Taiwan”.

In 2019, a flaw in 7-Eleven’s Japanese payment app allowed a hacker to make fraudulent charges on hundreds of customer accounts. A new feature introduced a glitch that allowed hackers to redirect password reset emails if they knew the user’s date of birth, email address and phone number. 

Unless the customer has entered their birthday, the app set it as January 1st 2019 by default making the hack easier to execute. Around 900 customers were affected, and  ¥55m ($500,000) was stolen.

Tech Monitor is hosting a roundtable in association with Intel vPro on how to integrate security into operations. For more information, visit NSMG.live.

Read more: NHS 111 cyberattack is a sign of the ‘new normal’