Send message to

Do you want to send the message without a subject?
Please note that your message can be maximum 1000 characters long
Special characters '<', '>' are not allowed in subject and message
reCaptcha is invalid.
reCaptcha failed because of a problem with the server.

Your message has been sent

You can find the message in your personal profile at "My messages".

An error occured

Please try again.

Make an appointment with

So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.

Create an onsite appointment with

So that you can make an onsite appointment, the appointment request will open in a new tab.

  • Interview
  • Management, Awareness and Compliance
  • OT Security

Hacking attack on Marc O'Polo - what you can learn from it

In 2019, a hacker attack paralysed the fashion company Marc O'Polo. Dr Patric Spethmann, COO and board member, talks about the background to the attack, how Marc O'Polo has changed since then and what he has to say to other companies about IT security.

Suddenly nothing works - no cash register, no phone, no PCs. All data is encrypted and a ransom note appears. This is what happened to Marc O'Polo in 2019. The fashion company became the target of a hacking attack on 13 September 2019 that disabled the company's entire IT infrastructure. The damage was extensive, taking Marc O'Polo a month to restore its IT infrastructure. Today, the company does many things differently. 

Friday the 13th - a coincidence? 

That the attack fell on a Friday the 13th sounds like a stupid coincidence. But it was not entirely coincidental - at least not that the attack happened on a Friday, says Dr Patric Spethmann, Member of the Board and Chief Operating Officer at Marc O'Polo. On Fridays, companies are usually more vulnerable because many start the weekend early. "You work in an attack against time." What mattered then was quick outside support. Spethmann, who had only been with the company for a short time at the time, mobilised his network.

Building a network for emergencies 

Experts from a wide range of fields, from forensics to PR, supported Marc O'Polo that same weekend. Insurance is useful, but in a case like this, you need contacts who are immediately on hand. "When the going gets tough, only people come for people." Spethmann emphasises that one should choose one's network and partners in good times and constantly cultivate them. He advises companies to seek external help and be challenged regularly to review their IT security. It is important that companies are not only reactive, but also proactive, he said.

This is how the attackers proceeded

Forensics later found that the hackers had already gained access to Marc O'Polo's systems six months earlier. An employee surfed a hacked watch page, which the attackers used to access the network. Then followed a living-off-the-land strategy: for months, the hackers moved carefully through the network so as not to trigger any alarms. "There were three different attackers," says Spethmann. They knew the system inside out and waited for the perfect moment to strike. "Right at our peak delivery time," he adds. There were no recriminations. "If the company's well-being depends on the daily performance of individual employees, then the system is not right."

Direct consequences for Marc O'Polo

Marc O'Polo was unable to deliver for a week, seven-figure losses accumulated here. In total, it took a month to restore the IT infrastructure. The company decided to stop using the old IT infrastructure and to reinstall everything. This step had been necessary to restore the trust of the customers and to ensure that such an incident would not happen again.

What has changed at Marc O'Polo since then? 

IT security is not a one-off task, but an ongoing mindset. "Spending money on IT security was very unusual until two or three years ago," says Spethmann. But after the attack, that changed. The company has invested in technology, revised processes and trained employees. "The biggest danger is always in front of the computer," warns Spethmann. For several years, the company has introduced employee awareness training to raise awareness of IT security risks. It is important that every employee understands the risks and knows how to protect themselves against them, says Spethmann. He also advises companies to invest in IT security and seek external help. "Put money in your hands and find someone who is responsible for the topic in the company." It's not just a question of money, but also of commitment and culture.

The cyber attack on Marc O'Polo is a wake-up call for many companies. It showed the need to invest in IT security and to be constantly vigilant. Marc O'Polo's experience serves as a cautionary tale for other companies that believe they could not be the target of such an attack. It is important for companies to be proactive, train their employees and constantly review their security measures. This is the only way they can protect themselves from future attacks and at the same time maintain the trust of their customers. Security is an investment in the future that pays off.


This content or feature is available to the it-sa 365 community. 
Please register or log in with your login data.