Hackers attack Spanish fashion multinational Tendam, demand 800,000 dollar ransom

A group of hackers has attacked the computer systems and databases of Spanish fashion giant Tendam, the parent company of chains such as Cortefiel, Pedro del Hierro, Springfield and Women'secret. The cybercriminals are now demanding 800,000 dollars to prevent them from leaking or selling the more than 720 gigabytes of confidential information they say they stole from the servers.

The news of the incident, which has already been confirmed by sources close to the Spanish fashion company and has been broken by the specialised cybersecurity firm Hack Manac, could not have come at a worse time for the Madrid-based company. Today was supposed to be one of the most important days of the last decades with the official opening of the exhibition "Pedro del Hierro, del maestro a la marca". This exhibition, which will finally open its doors to the public next Wednesday, September 11, at the Museo Lázaro Galdiano in Madrid, has been organised by the museum and the cultural management company La Fábrica, in collaboration with Tendam.

The Spanish fashion giant is celebrating the 50th anniversary of the fashion house Pedro del Hierro with the exhibition. Founded in 1974 by the Madrid-based designer of the same name, this fashion house has been part of the Tendam portfolio since 1990, when it was still known as Grupo Cortefiel. Within this portfolio, Pedro del Hierro stands out as the group's "premium" fashion brand and therefore has an added value that the multinational will undoubtedly want to highlight during the celebration of its 50th anniversary. All this coincides with the current celebrations of Madrid Fashion Week, where the opening of the exhibition is part of the official programme of the Madrid es Moda initiative. And, let's not forget the ongoing plans that the company led by Jaume Miquel has repeatedly announced for a possible IPO.

Given this context, there is no doubt that the attack on the IT systems has only fuelled the doubts that already existed about the IPO. There were already doubts about Tendam's intentions to continue with its renewed plans to become a listed company again. Only two weeks ago, on 27 August, Tendam's management stated that the company was still assessing "possible strategic alternatives" for the future, "including a possible public offering of shares on a regulated market". This move to the stock exchange could now be definitively off the table, following the disappointing results of Puig's IPO and this cyber attack. Puig's apparently "brilliant" IPO had until now been seen as a stepping stone for Tendam to become listed as well.

Although all types of companies, both listed and unlisted, can suffer from cyber attacks, it is certainly not a calling card with which you want to present yourself to a group of important shareholders who have to assess a possible IPO. And this while the announcement of the IPO, precisely in light of the opening of this exhibition in honour of Pedro del Hierro in Madrid, was in the air.

Hackers demand 800,000 dollars ransom by September 17

As for the attack itself, the aforementioned cybersecurity firm Hack Manac reported last Saturday, September 7, 2024, that Tendam's servers had been "attacked" by the Medusa hacker group. This group of hackers managed to bypass the firewalls of the Spanish fashion giant's servers and steal 724.59 GB of confidential data through their well-known "ransomware" attack. With this method, they use the "malware" or malicious software Medusa to "hold hostage" the information of their victims.

As a result of the attack and the huge amount of data stolen from the servers, the group of hackers is demanding a 800,000 dollars “ransom” from the Spanish fashion giant. This amount must be paid before the deadline set by the cybercriminals of Tuesday, September 17, 2024, in order to regain access to the information and prevent it from being sold or leaked. This is especially worrying if the hackers have gained access to the confidential information that Tendam holds about its large customer base.

The company serves its customers through a commercial network of more than 1,750 points of sale in 80 countries, supplemented by various online platforms and loyalty programs. Tendam indicates that it is currently conducting analyses to determine the extent of the attack, but cannot rule out that customer data has also been compromised.

"In the early morning of September 5, we detected a security incident in our computer systems," a spokesman for the Spanish fashion giant admitted to Spanish newspaper El País. Sources close to the company confirmed the cyberattack to the same newspaper, adding that, although "limited", it affected the activities of the Tendam group, but that the normal operations of the store network remained unaffected.

"Our operations and communications with third parties are secure," concluded the Spanish fashion giant's management. In doing so, Tendam joins the ever-growing list of companies that have been successfully hit by cyberattacks, at a particularly delicate moment when it is laying the foundations for the future of the multinational. This list already includes organisations and companies such as Banco Santander, the Argentine stock market watchdog CNV, Telefónica, Iberdrola and, more recently, the supermarket chain Alcampo.

This article originally appeared on FashionUnited.ES. Translation via AI and edit by Rachel Douglass.