Support road.cc

Like this site? Help us to make it better.

Canyon Bicycles reveals it has been hit by a 'massive' cyber attack

Direct-to-consumer brand says incident before New Year will cause disruption to orders

Canyon Bicycles has said that it was targeted in a “massive” cyber attack shortly before New Year, but insists that its website was not affected and that customers were able to continue to make online orders, although it has confirmed that the incident will cause delays in customer contact and order fulfilment in the coming days.

The direct-to-consumer business, which is based in Koblenz, Germany, revealed the attack in a press release this afternoon in which it said that the attack appeared to have been “perpetrated by a professionally organised group that specialise in attacking companies.

“The perpetrators succeeded in gaining access to Canyon's IT systems. Software and servers were encrypted and thus locked in places.

“The website www.canyon.com was not affected: Orders via the web shop could and continue to be placed as usual. Meanwhile, the attack has been identified and stopped according to the current state of knowledge.”

Beyond that, Canyon has not provided details of the precise nature of the attack, nor whether any individual data may have been compromised but clearly for a business that sells direct to consumers the incident is likely to raise concerns among existing or potential customers.

Founder and CEO Roman Arnold said: “The attack shows massive criminal intent. Due to the encryption of our IT infrastructure, work and business processes were temporarily massively affected.

“Our Koblenz site was directly affected, as were all our international companies with the exception of the US company, as it operates its own IT system.

“Unfortunately, we expect delays in customer contact and delivery in the next few days.

“We are making every effort to keep the impact on our customers and fans as low as possible and to get back to normal operations as quickly as possible.”

He added: "We regret this incident very much and apologise that Canyon is currently not able to offer its usual standard of service.”

Canyon said that as soon as it became aware of the attack it notified the relevant authorities, including the state commissioner for data protection in Rhineland-Palatinate, and that it is working alongside the Koblenz criminal investigation department and the state criminal investigation department.

It is unclear whether any individuals have been arrested in connection with the cyber attack, but Canyon said that “criminal charges will be filed against the perpetrators.”

The company added: “Experts from the fields of IT, forensics and cyber security were able to quickly analyse and control the attack and have already initiated solutions and countermeasures.”

Simon joined road.cc as news editor in 2009 and is now the site’s community editor, acting as a link between the team producing the content and our readers. A law and languages graduate, published translator and former retail analyst, he has reported on issues as diverse as cycling-related court cases, anti-doping investigations, the latest developments in the bike industry and the sport’s biggest races. Now back in London full-time after 15 years living in Oxford and Cambridge, he loves cycling along the Thames but misses having his former riding buddy, Elodie the miniature schnauzer, in the basket in front of him.

Add new comment

2 comments

Avatar
brooksby | 5 years ago
3 likes

Quote:

Canyon Bicycles has ... confirmed that the incident will cause delays in customer contact and order fulfilment in the coming days.

Having read various comments and articles over the years, I'm not sure anyone would notice yes 

Avatar
Simon E | 5 years ago
1 like

Two contradictory statements:

"The perpetrators succeeded in gaining access to Canyon's IT systems"

(probably ransomware)

"Experts from the fields of IT, forensics and cyber security were able to quickly analyse and control the attack"

Hopefully they restored from a backup that was not encrypted by the attacker.

Data security has long been a weakness for online operations. The results are usually bad and can be disastrous. Often the decision-makers see the cost of IT and consider it a function that can easily be outsourced. This applies to any company, not only e-commerce.

The push for increased connectivity and 'the internet of things' is likely to make every car and household vulnerable in some way, though the pedals on your bike should still work fine. smiley

Latest Comments