Information
Marks & Spencer has reinstated its click-and-collect service, 15 weeks after suspending it in the wake of a severe cyber attack that disrupted both its online and in-store operations. The retailer had halted all clothing and home delivery orders, as well as in-store collections, from 25 April. Online orders resumed on 10 June, and customers can now collect purchases in-store and return online orders to any branch. The cyber attack, which involved the theft of some customer data, has prompted warnings for shoppers to remain vigilant against fraudulent messages claiming to be from M&S. The incident also left some shelves bare in stores in the immediate aftermath.
The company estimates the breach will cut its annual profits by around £300 million, though insurance claims may offset some losses. M&S has confirmed the incident was a ransomware attack but has not identified the perpetrators. The UK’s National Crime Agency has linked the attack to the cyber-criminal group Scattered Spider, and in July, police arrested four suspects connected to attacks on both M&S and the Co-op. All have since been released on bail pending further investigations. CEO Stuart Machin has expressed confidence that the company would recover from the worst of the disruption by August.
Source: BBC, Reuters
So What
Although nearly all companies claim to understand the risks associated with cyber incidents, this attack illustrates the long-term effects such an event can have on a business. While M&S was fortunate to survive the attack from a commercial perspective, it is likely that they suffered substantial financial losses that won’t be covered by insurance. This incident could serve as a wake-up call for both the British government and businesses, as geopolitical competition increasingly impacts the corporate world.