METRO/MAKRO operates 623 wholesale stores and 94 delivery depots across more than 30 countries, serving millions of professional customers in the HoReCa sector - hotels, restaurants, caterers - plus independent merchants and traders. Founded in 1964 and headquartered in Düsseldorf, Germany, the company employs approximately 87,800 people globally. The scale creates a substantial attack surface: physical wholesale operations intersect with cloud-based point-of-sale systems, an online marketplace platform (METRO MARKETS), and supply chain infrastructure spanning multiple jurisdictions with varying regulatory frameworks and threat landscapes.
The company's digital transformation strategy introduces complexity that security teams must navigate. DISH POS, their cloud-based cash register system deployed to restaurateurs, represents a high-value target - compromising POS infrastructure could expose transaction data across thousands of customer locations. METRO MARKETS, the online distribution platform, processes orders and payment information for professional buyers, demanding robust authentication, authorization, and data protection controls. Supply chain transparency initiatives, while positioned as sustainability efforts, require secure data pipelines tracking product provenance across international suppliers.
The threat model is straightforward: a B2B food wholesaler handling payment processing, customer data, and logistics coordination across 30+ countries faces ransomware risk, supply chain attacks, payment fraud, and regulatory compliance challenges spanning GDPR, PCI-DSS, and local data protection laws. The hybrid model - physical stores plus digital services - means security teams must address both operational technology concerns (store systems, delivery logistics) and enterprise IT (cloud platforms, marketplace infrastructure). Technical domains include securing cloud-based SaaS offerings, protecting multi-country data flows, and maintaining PCI compliance across diverse payment touchpoints while the company pursues its sCore strategy for growth through 2030.