Incident: Ransomware Attack on Pitney Bowes Shipping and Mailing Services

Published Date: 2019-10-15

Postmortem Analysis
Timeline
1. The software failure incident at Pitney Bowes happened in 2019 (Published on 2019-10-15) [90758].
2. The software failure incident at The Works happened in 2022 (Published on 2022-04-05) [126598].

System
1. Pitney Bowes' shipping and mailing services systems [Article 90758]
2. The Works' tills and deliveries systems [Article 126598]

Responsible Organization
1. Hackers targeted Pitney Bowes with ransomware, causing the software failure incident [Article 90758].
2. Hackers targeted The Works with ransomware, leading to a cyber attack and software failure incident [Article 126598].

Impacted Organization
1. Pitney Bowes [90758]
2. The Works [126598]

Software Causes
1. Ransomware attack that encrypted information on systems and disrupted client access to services at Pitney Bowes [90758].
2. Ransomware attack targeting The Works, causing issues with the company's tills, disrupting deliveries, and temporarily suspending new stock deliveries to shops [126598].

Non-software Causes
1. Lack of disclosure by private companies affected by ransomware attacks [90758]
2. Increase in targeted ransomware attacks against enterprise networks [90758]
3. Decrease in attacks on individual users [90758]
4. Failure to provide basic security against cyber attackers [126598]
5. Out-of-date computer systems not updated to secure against attacks [126598]

Impacts
1. Pitney Bowes experienced a ransomware attack that encrypted information on some systems and disrupted client access to their services, particularly affecting their shipping and mailing services [90758].
2. The Works had to close five of its 526 shops due to a cyber attack using ransomware, causing issues with the company's tills and disrupting deliveries to its stores. The attack also resulted in temporary suspension of new stock deliveries to shops and longer delivery times for online orders [126598].

Preventions
1. Implementing robust cybersecurity measures such as regular security audits, penetration testing, and employee training to prevent ransomware attacks [90758, 126598].
2. Ensuring proper firewall configurations and intrusion detection systems to quickly identify and respond to cyber threats [126598].
3. Regularly updating and patching software systems to address known vulnerabilities that could be exploited by hackers [126598].
4. Segregating sensitive data from the main network to limit the impact of a potential breach [90758].
5. Having a comprehensive incident response plan in place to quickly contain and mitigate the effects of a cyber attack [90758, 126598].

Fixes
1. Enhancing cybersecurity measures such as implementing robust firewalls, intrusion detection systems, and encryption protocols to prevent future ransomware attacks [90758, 126598].
2. Conducting regular security assessments and audits to identify vulnerabilities and address them promptly [90758, 126598].
3. Educating employees on cybersecurity best practices to prevent inadvertent actions that could lead to malware infections [126598].
4. Implementing data segregation practices to ensure that sensitive customer data is stored separately from the main systems, reducing the impact of potential breaches [90758].
5. Collaborating with external cybersecurity experts to assess the current security posture, conduct investigations, and implement necessary recovery measures [126598].

References
1. Pitney Bowes company statement on its website [90758]
2. Cybersecurity firm Recorded Future [90758]
3. FBI spokesperson [90758]
4. The Works company statement [126598]
5. Information Commissioner's Office (ICO) [126598]
6. Steve Sands, Chair - Information Security specialist group at BCS [126598]
7. Hugh Raynor, senior consultant at cyber security firm SureCloud [126598]

Software Taxonomy of Faults

Category Option Rationale
Recurring
Option: one_organization, multiple_organization
Rationale:
(a) The software failure incident having happened again at one_organization:
- Pitney Bowes, a technology company based in Connecticut, was hit by a ransomware attack that encrypted information on some systems and disrupted client access to their services [Article 90758].
- The incident at Pitney Bowes is an example of a software failure incident happening again within the same organization.
(b) The software failure incident having happened again at multiple_organization:
- The Works, a British discount stationery and books retailer, was targeted in a cyber attack involving ransomware, causing issues with the company's tills and disrupting deliveries to its stores [Article 126598].
- The incident at The Works is another example of a software failure incident happening at a different organization due to a ransomware attack.

Phase (Design/Operation)
Option: design, operation
Rationale:
(a) The software failure incident occurring due to the development phases:
- The incident at Pitney Bowes was a result of a ransomware attack that encrypted information on some systems and disrupted client access to services. The company confirmed that its systems were affected by a malware attack, indicating a failure introduced during the system development phase [90758].
(b) The software failure incident occurring due to the operation phases:
- The cyber attack on The Works resulted in issues with the company's tills and disrupted deliveries to its stores. The attack caused new stock deliveries to shops to be temporarily suspended and longer delivery times for online orders, showcasing a failure introduced during the operation phase of the system [126598].

Boundary (Internal/External)
Option: within_system, outside_system
Rationale:
(a) within_system: The software failure incident at Pitney Bowes was caused by a ransomware attack that encrypted information on some systems and disrupted client access to services [90758]. The attack originated from within the system, affecting the company's shipping and mailing services the most. Pitney Bowes confirmed that its software and data products were not directly affected because they don't access the backend systems of the company's network [90758].
(b) outside_system: The software failure incident at The Works was also due to a ransomware attack, where hackers targeted the British discount stationery and books retailer with ransomware, causing issues with the company's tills and disrupting deliveries to its stores [126598]. The attack originated from outside the system, and the company's tech team quickly disabled the computers after being alerted to the breach by their firewall system [126598].

Nature (Human/Non-human)
Option: non-human_actions
Rationale:
(a) The software failure incident occurring due to non-human actions:
- In the incident involving Pitney Bowes, the company confirmed that their systems were affected by a malware attack that encrypted information on some systems and disrupted client access to their services. This incident was caused by a ransomware attack, which is a form of malware that infects a computer or network, encrypting files and data, preventing user access until a ransom is paid [90758].
- The cyber attack on The Works was also attributed to hackers using ransomware, a type of computer virus that allows attackers to take control of a system and demand money for its return. The attack resulted in issues with the company's tills, disrupted deliveries to stores, temporarily suspended new stock deliveries, and longer delivery times for online orders [126598].
(b) The software failure incident occurring due to human actions:
- The articles do not provide specific information indicating that the software failure incidents at Pitney Bowes or The Works were directly caused by human actions. Both incidents were attributed to ransomware attacks carried out by hackers, which are typically initiated by non-human actions such as malware infections [90758, 126598].

Dimension (Hardware/Software)
Option: software
Rationale:
(a) The articles do not provide information about the software failure incident occurring due to hardware-related contributing factors.
(b) The software failure incidents reported in the articles are due to ransomware attacks, which are a type of malware that encrypts files and data, preventing users from accessing them. The attackers then demand a ransom for the decryption key. The incidents at Pitney Bowes and The Works were both ransomware attacks that affected their systems, disrupted services, and led to the closure of some stores [90758, 126598].

Objective (Malicious/Non-malicious)
Option: malicious
Rationale:
(a) The software failure incident reported in both articles is malicious in nature. In Article 90758, Pitney Bowes was targeted in a ransomware attack where hackers encrypted information on some systems, disrupting client access to services and demanding a ransom for the decryption key [90758]. Similarly, in Article 126598, The Works was hit with ransomware, causing issues with the company's tills, disrupting deliveries, and leading to the closure of some stores [126598]. These incidents involved attackers taking control of systems with the intent to harm the organizations and demand money for the return of access, indicating a malicious objective behind the software failure incidents.

Intent (Poor/Accidental Decisions)
Option: poor_decisions
Rationale:
(a) The intent of the software failure incident related to poor_decisions:
- The software failure incident at Pitney Bowes was a result of a ransomware attack, which is a form of malware used to infect a computer or network by encrypting files and data, preventing users from accessing them. The attackers then demand a ransom to obtain the decryption key [90758].
- The incident at The Works was also a result of a ransomware attack, where hackers targeted the company with ransomware, causing issues with the company's tills and disrupting deliveries to its stores. The company's tech team quickly managed to disable the company's computers after being alerted to the breach by their firewall system [126598].
(b) The intent of the software failure incident related to accidental_decisions:
- The articles do not provide information indicating that the software failure incidents at Pitney Bowes or The Works were due to accidental decisions.

Capability (Incompetence/Accidental)
Option: development_incompetence
Rationale:
(a) The software failure incident occurring due to development incompetence:
- The incident at Pitney Bowes was a ransomware attack that affected their systems, particularly their shipping and mailing services. The attack encrypted information on some systems and disrupted client access to their services [90758].
- The Works was targeted in a cyber attack with ransomware, causing issues with the company's tills and disrupting deliveries to its stores. The attack resulted in the closure of some stores due to till issues and disrupted business operations [126598].
(b) The software failure incident occurring accidentally:
- The incident at The Works was described as likely an 'opportunist' cyber-attack that was not directly targeted against the company. It was suggested that the attack may have been a result of a user clicking a link or opening an attachment that contained malware, indicating a potential accidental introduction of the attack [126598].

Duration
Option: temporary
Rationale:
(a) The software failure incident reported in Article 90758 involving Pitney Bowes was temporary. The company confirmed that their systems were affected by a malware attack that encrypted information on some systems and disrupted client access to their services. However, the company's software and data products were not directly affected because they don't access the backend systems of the company's network, and there was no evidence that customer accounts or data were impacted [90758].
(b) The software failure incident reported in Article 126598 involving The Works was also temporary. The company's tech team quickly managed to disable the company's computers after being alerted to the breach by their firewall system. The incident caused issues with the company's tills, disrupted deliveries to its stores, and resulted in longer delivery times for online orders. The company took actions such as disabling internal and external access to its systems and working with external cyber security experts to evaluate and rectify the situation [126598].

Behaviour
Option: crash, omission, other
Rationale:
(a) crash:
- Article 90758 reports a ransomware attack on Pitney Bowes, which encrypted information on some systems and disrupted client access to services, indicating a crash in the system's functionality [90758].
(b) omission:
- The Works experienced a ransomware attack that caused issues with the company's tills and disrupted deliveries to its stores, resulting in the omission of performing its intended functions [126598].
(c) timing:
- There is no specific information in the provided articles indicating a timing-related failure.
(d) value:
- The articles do not mention any failure related to the system performing its intended functions incorrectly.
(e) byzantine:
- There is no mention of a byzantine behavior in the reported software failure incidents.
(f) other:
- The ransomware attack on The Works resulted in the closure of some stores due to till issues, disruption in deliveries, and suspension of new stock deliveries, which could be categorized as a combination of crash and omission behaviors [126598].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence
Option: property, delay, non-human, unknown
Rationale:
(a) unknown
(b) unknown
(c) unknown
(d) [90758] The software failure incident at Pitney Bowes resulted in the encryption of information on some systems and disrupted client access to services. However, there was no evidence that customer or employee data had been improperly accessed.
(e) [126598] The software failure incident at The Works caused issues with the company's tills, disrupted deliveries to its stores, and resulted in longer delivery times for online orders.
(f) [90758, 126598] In both incidents at Pitney Bowes and The Works, the software failure impacted the companies' operations, with Pitney Bowes' shipping and mailing services being hit the hardest and The Works experiencing closures of some stores and disruption to trading and business operations.
(g) unknown
(h) unknown
(i) unknown

Domain
Option: information, sales, other
Rationale:
(a) The failed system in the incident reported in Article 90758 was related to the production and distribution of information. Pitney Bowes, a technology company providing ecommerce, shipping, data, and mailing services, confirmed a malware attack that encrypted information on some systems and disrupted client access to their services [90758].
(b) The incident in Article 126598 affected the transportation industry. The Works, a discount stationery and books retailer, had to shut some of its stores due to a cyber attack with ransomware, causing issues with the company's tills and disrupting deliveries to its stores [126598].
(m) The incident in Article 126598 could also be categorized under the "other" industry option as it involved a retail company, which does not fall directly into the specified industry categories but is a distinct sector in its own right.
