CompuCom Expects $28 Million Loss From Cyber Incident

Company Still Recovering From March 1 Attack, SEC Filing Notes
CompuCom Expects $28 Million Loss From Cyber Incident

The ODP Corp. reports it has suffered a loss of about $28 million due to a March 1 cyber incident at its business services and supplies subsidiary, CompuCom, that forced the company to shut down some of its operations.

See Also: Global Threat Report 2024: Executive Summary

ODP, which also operates the office supply retailer Office Depot, noted the loss in a Securities and Exchange Commission 8-K filing on March 26, but it did not describe the type of cyber incident that took place or the malware involved other than to say that CompuCom's systems were affected and had still not recovered from the attack.

"The company estimates the loss of revenue to be between $5 million and $8 million as a result of the incident (primarily because of CompuCom's need to temporarily suspend certain services to certain customers)," ODP says.

ODP estimates that recovery costs will total $20 million. It will pay for expenses related to CompuCom's efforts to restore service delivery to affected customers and "to address certain other matters resulting from the incident," according to the SEC filing.

ODP does not believe the attack exposed any customer information, the company notes.

A company spokesperson declined to elaborate further on the type of attack or how the company responded.

In a separate SEC Schedule TO filing, ODP reported its office supply competitor Staples is investigating the purchase of some, but not all, of ODP's assets.


The malware attack did not affect all of CompuCom's operations, and the company was able to deliver services to some of its customers throughout March, ODP says. Most of its systems were back online by March 17.

"The company expects that CompuCom will have service delivery restored to substantially all of its customers by the end of March 2021," ODP says. "As a part of the restoration efforts, CompuCom has taken actions to efficiently and securely restore service delivery to its customers while hardening its systems with enhanced security measures and advanced anti-malware agents."

The recovery process has included boosting the company's cybersecurity protections and implementing what it calls advanced anti-malware agents.

Recent Cyber Incidents

Several other high-profile companies suffered cyber incidents in March.

Insurer CNA reported that on March 23 it was victimized by a malware incident that caused a network disruption and affected certain systems, including corporate email.

Canadian IoT device manufacturer Sierra Wireless reported on March 23 that it had suffered a ransomware attack over the weekend, forcing it to halt production.

About the Author

Doug Olenick

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint as ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to, TheStreet and Mainstreet.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.