London & Zurich ransomware attack sparks financial crisis for businesses
Details on when exactly full services will resume remain elusive
Direct debit collection giant London & Zurich has fallen victim to a ransomware attack, leaving businesses in disarray and customers with six-figure payment backlogs.
The attack, which began on 10th November, led to widespread outages and communication breakdown, exacerbating the financial strain for businesses relying on the company's services.
"Upon learning about the incident, we immediately initiated an investigation with the assistance of third-party cybersecurity experts and took steps to contain the incident, including identifying and terminating access to the impacted servers," the firm stated on its website.
"We are working diligently to rebuild the servers in a new, clean environment. This process is ongoing. We will provide updates as they are available, and as appropriate."
The incident has been reported to regulatory bodies, including the Information Commissioner's Office (ICO) and the Financial Conduct Authority (FCA), with active cooperation with law enforcement agencies.
The ongoing investigation aims to uncover the extent of the breach, identify potential data compromise, and determine the methods employed by the attackers.
Addressing concerns about data security, L&Z assured clients that they would be promptly notified if any sensitive data, for which they act as data controllers, is identified as impacted.
London & Zurich, based in Solihull, is a major player in direct debit transactions for businesses in the UK, serving a diverse range of clients, including notable names like the Eden Project and ICPA.
The incident has exposed (not for the first time) the vulnerability of businesses heavily reliant on third-party service providers for essential financial operations.
The timeline of the incident reveals that London & Zurich initially reported "access issues" on November 10, escalating to a "major service outage."
Customers were initially informed that payment collections might be disrupted until 13th November. The company's status page is being regularly updated, with a significant update on 14th November confirming the ransomware nature of the attack.
One managed service provider (MSP) told The Register that it has accumulated a backlog exceeding $124,000 since the attack commenced.
The MSP, struggling to cope with the prolonged outage, expressed confusion over the communication from London & Zurich about exactly when they could expect services to return to normal.
Conflicting information, such as the direct debit portal being projected to be operational by 23rd November according to the status page but emails indicating a delay until 28th November, has left customers uneasy.
The MSP director highlighted the financial impact, stating, "We've just been left entirely in the dark. We know three other companies directly who all have the same issue as well... Nobody knows anything. One of those is in a very bad position - they've got no idea how they're going to make payroll."
As of November 22, frustrated businesses were still awaiting a firm commitment from London & Zurich on the restoration of services.
The company aims to be "back to normal by the end of this week," a spokesperson told The Register, but specific dates remain elusive.
The financial implications extend beyond the immediate inconvenience, with some businesses resorting to short-term loans to cover financial gaps.
Smaller companies, already facing financial challenges, risk being pushed to the brink as the outage persists.
London & Zurich says it is now working to rebuild affected servers, with an anticipated full restoration by the end of the week.