Marks & Spencer faced a potential disaster from a significant cyber attack, according to its chairman, Archie Norman. Norman expressed that had the attack occurred during a previous period of struggle, the company would have suffered severe consequences. As a result of the cyber attack, M&S had to shut down its vital online operations, resulting in an estimated loss of £10 million per week in profits.
The ransomware incident occurred at the end of April, compromising customer data such as names, email addresses, postal addresses, and dates of birth. It took six weeks for the retail giant to gradually resume online orders for clothing and homeware.
The group responsible for the attack, known as Scattered Spider, remains shrouded in mystery. There are reports suggesting a potential connection to a ransomware creator named Dragon Force, allegedly comprising former computer gamers turned hackers with ties to Asia.
During his testimony to MPs on the Commons Business and Trade Committee, Mr. Norman refrained from disclosing whether a ransom was paid, citing an ongoing investigation. He highlighted the rarity of criminal actors attempting to disrupt business operations for unclear motives, likely driven by ransom and extortion.
The cyber attack forced M&S to revert to manual processes not utilized in 30 years to ensure business continuity. Nick Follard, M&S’s general counsel, emphasized the importance of being able to operate using traditional methods like pen and paper in the event of system failures.
While M&S reported a 20% increase in annual profits before the attack, totaling £875.5 million, the incident is anticipated to impact future profits by approximately £300 million. The company aims to recover a significant portion of this amount through insurance claims.
The Co-op, another targeted retailer, shared its experience with the committee. The Co-op’s IT systems swiftly detected signs of an attack, enabling prompt action to mitigate the impact. Despite this, the attack caused disruptions in deliveries to Co-op stores, resulting in empty shelves.
Dominic Kendal-Ward from the Co-op Group warned of the escalating threat posed by cyber attacks, stating that attackers are becoming more sophisticated. The Chair of the Committee, Liam Byrne, highlighted the concerning breach of digital defenses at two prominent retail institutions, Marks and Spencer and the Co-op, signaling a pervasive and potentially uninsurable risk for businesses.
