Ace Hardware confirmed that a cyberattack is preventing local stores and customers from placing orders as the company works to restore 196 servers. The cyberattack occurred on Sunday morning, October 29, 2023, and affected many of the company’s key operating systems, including ACENET, its Warehouse Management Systems, the Ace Retailer Mobile Assistant (ARMA), Hot Sheets, Invoices, Ace Rewards and the Care Center’s phone system1. The company has not disclosed the type of attack or the identity of the attackers, but it has hired a group of technical forensic experts to help resolve the situation2.
The cyberattack has caused significant disruption to the company’s operations and services, as well as to its retailers and customers. The company’s website is unable to process online orders, and its delivery system is also suspended3. Some employees have reported being sent home from the warehouses, and others have expressed concern about their paychecks4. The company has advised its retailers to keep their stores open and assured them that there is no known impact to their in-store payment systems or credit card processing2. However, some customers have complained about not being able to use their Ace Rewards or place orders online5.
Ace Hardware is the world’s largest retailer-owned hardware cooperative, with more than 5,700 stores across the United States, China, Panama, and the UAE6. The cooperative employs 12,500 people and has an annual revenue that surpasses $9 billion. The company is known for its customer service and community involvement, and has been ranked as one of the top franchises in the world by Entrepreneur magazine. The company’s motto is “The helpful place”, and its mission is to provide quality products and services to its customers and retailers.
The cyberattack on Ace Hardware is the latest in a series of cyberattacks that have targeted various organizations and industries in recent years. Some of the most notable examples include the Colonial Pipeline ransomware attack in May 2021, the SolarWinds supply chain attack in December 2020, and the Equifax data breach in September 2017. These cyberattacks have exposed the vulnerabilities of critical infrastructure, information systems, and personal data, and have raised awareness about the need for better cybersecurity measures and practices.