3 min Security

Ransomware hits store chain Casa, personal data was leaked

Ransomware hits store chain Casa, personal data was leaked

Home furnishing store chain Casa fell victim to a ransomware attack. “The ongoing investigation shows that personal data of several customers and staff have been leaked”, the organization shared in a statement.

The attack took place on August 1. In an initial statement, Casa emphasized that “no customer banking and payment information was leaked”. The organization added that there were no indications of other customer data being lost.

The situation has since changed. Casa shared an update on the incident on Monday, August 8. Further investigation revealed that the personal data of several customers and employees was leaked.

Though Casa released the statements in several European languages, there are no English communications available. The quotes in this article were therefore translated from Dutch to English.

Ransomware at Casa

Casa is a home furnishings retailer. The organization has hundreds of branches in multiple countries, including dozens of Dutch and Belgian locations.

According to Flemish newspaper HBVL, Casa confirmed the involvement of ransomware in a private message to customers. “On August 1, Casa fell victim to a ransomware attack by a hacker group”, the organization shared.

Victims often try to prevent the spread of ransomware by closing stores, but Casa’s stores and webshop are fully operational. According to the organization, “the impact is mainly centred on the internal operations at the headquarters”. Casa added that orders with home delivery may be delayed.


The organization assembled a crisis team to recover from the attack. Casa is currently attempting to safely restart the IT systems at its headquarters. The organization said it’s contacting the customers whose data was lost.

The scale of the breach is unclear. Casa described the loss as “some personal data from multiple customers and staff”, but further details are unknown. The organization said nothing about the identity of the attackers. It’s unclear whether the cybercriminals demanded a ransom.

Casa emphasized that the current state of affairs will be communicated directly to customers. The organization did not indicate when the next update is expected.


Ransomware is common during the summer period. The season is busy for retailers like Casa. Cybercriminals capitalize on this. By attacking systems during a critical period, the victim suffers more damage. Missed revenue motivates an organization to pay a ransom.

Like Casa, dental company Colosseum Dental Benelux was attacked with ransomware in the week of 1 August. The organization recently announced it intends to pay the ransom.

Tip: Ransomware is an APT, so you should treat it as such