The hotel supply giant Bali has announced that it is “taking steps” to reduce the risk of consumers losing valuable products, after the retailer was hacked by a “serious” attack that compromised the company’s internal systems.
The cyberattack, which targeted the Bali payment processing system, was carried out by the Russian-based CyberBerkut group, a cyber group that has previously been associated with state-sponsored attacks.
The group claims to have access to the company account information and passwords for nearly every Bali consumer account.
In a statement released on Friday, Bali said the company has already taken steps to mitigate the risk.
“We are taking steps to minimize the risk for our customers,” the statement said.
“We will be sharing more information about our steps in due course.”
Bali has been the subject of multiple security breaches in recent years.
In May, the retailer announced that a number of its internal systems were breached.
The breach, which compromised the password-protected data of more than 3,000 customers, was traced to a company that the company said was part of a larger operation to steal customer data.
The latest attack, which was first reported by The Verge, may also have affected the company that provides the payment processor.
It is believed that the breach originated from an account at the Russian online payments firm Rakuten.
It was also reported by the BBC that the attacker managed to gain access to a large number of accounts, including those of some Bali customers.
The hack was first revealed on Tuesday by cybersecurity company FireEye.
The company noted that Bali’s payment processing systems were vulnerable to the attack, as well as its “email, voicemail, and fax accounts,” which are also accessed through its system.
FireEye also said that hackers used a different approach to compromise the systems than those used to breach Bali.
It pointed out that hackers may have used more sophisticated tactics to breach the payment processing services, and that the group behind the attack also “ran an extensive campaign to target Bali-branded sites.”
In addition to the payment-processing system breach, a separate breach was reported on Wednesday, where a hacker gained access to emails sent by the company to customers.
A Bali spokesperson told Business Insider that the attackers did not gain access directly to customers’ email addresses, but that their actions affected the “payment system,” “email system,” and “email provider” accounts.
A Bali spokesman also said on Friday that it was working to resolve the breach and had notified customers that their information had been compromised.