M&S issues major update as cyber attack continues to cripple chain after over a month

HACKED OFF

The high street giant first halted orders on its website and saw empty shelves over the Easter weekend.

M&S has issued a major update as the cyber attack continued to cripple the retail chain.

The retailer has now said disruption from the attack is expected to continue through to July.

A month has passed since the hackers first struck M&S

It added that the fallout will reduce operating profits by around £300million before measures are taken to offset the losses.

The attack, which began around Easter weekend, forced M&S to halt website orders and caused empty shelves in stores.

On Wednesday, the company revealed that online sales and profits in its fashion, home, and beauty departments have been "heavily impacted".

Food sales were also affected due to reduced stock availability, although this is now improving.

In a statement released alongside its full-year results, M&S said: "Over the last few weeks, we have been managing a highly sophisticated cyber incident.

"As a team, we have worked around the clock with suppliers and partners to contain the incident and stabilise operations, taking proactive measures to minimise the disruption for customers.

"We are focused on recovery, restoring our systems, operations and customer proposition over the rest of the first half, with the aim of exiting this period a much stronger business.

"Since the incident, food sales have been impacted by reduced availability, although this is already improving.

"We have also incurred additional waste and logistics costs, due to the need to operate manual processes, impacting profit in the first quarter.

"In Fashion, Home & Beauty, online sales and trading profit have been heavily impacted by the necessary decision to pause online shopping, however stores have remained resilient.

"We expect online disruption to continue throughout June and into July as we restart, then ramp up operations.

"This will also mean increased stock management costs in the second quarter."

The problems began on Saturday, April 19, with customers unable to collect purchases or return items.

By Monday, April 21, M&S acknowledged the attack, apologised for the inconvenience, and engaged cybersecurity experts while notifying the National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO).

The criminals suspected to be behind the attack are known collectively as "Scattered Spider" - one of the most prolific cybergangs of the past 18 months.

Despite M&S' efforts to restore systems, disruptions continued throughout the week, forcing the retailer to make operational adjustments, including suspending online and app orders on Friday, April 24.

This decision led to a 5% drop in the company’s share price.

Shoppers have been reporting empty shelves in some stores, highlighting the ongoing fallout from the cyber attack.

Staple items including bananas, fish, and the iconic Colin the Caterpillar cakes have even become hard to find in some shops.

Meanwhile, M&S has been forced to temporarily suspend its meal deal offers in some of its smaller stores in transport hubs.

On May 13, M&S confirmed that some customer information had been stolen in the attack.

However, the company has still not revealed the exact details of the cyber breach.

Timeline of cyber attack
  • Saturday, April 19: Initial reports emerge on social media of problems with contactless payments and click-and-collect services at M&S stores across the UK. Customers experience difficulties collecting online purchases and returning items due to system issues.
  • Monday, April 21: Problems with contactless payments and click-and-collect persist. M&S officially acknowledges the "cyber incident" in a statement to the London Stock Exchange. CEO Stuart Machin apologises for the disruption and confirms "minor, temporary changes" to store operations. M&S notifies the National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO) and engages external cybersecurity experts.
  • Tuesday, April 22: Disruptions continue. M&S takes further systems offline as part of "proactive management".
  • Wednesday, April 23: Despite earlier claims of customer-facing systems returning to normal, M&S continues to adjust operations to maintain security. Contactless payments are initially restored, but other services, including click-and-collect, remain affected.
  • Thursday, April 24: Contactless payments and click-and-collect services are still unavailable. Reports surface suggesting the attackers possibly gained access to data in February.
  • Friday, April 25: M&S suspends all online and app orders in the UK and Ireland for clothing and food, although customers can still browse products. This decision leads to a 5% drop in M&S's share price.
  • Monday, April 28: M&S is still unable to process online orders. Around 200 agency workers at the main distribution centre are told to stay home.
  • Tuesday, April 29: Information suggests that the hacker group Scattered Spider is likely behind the attack. Shoppers spot empty shelves in selected stores.
  • Tuesday, May 13: M&S reveals that some customer information has been stolen.

Co-op also faced a hacking attempt and was forced to shut down part of its IT system at the end of April.

At the time, it informed staff that it had "taken proactive steps to keep our systems safe".

However, it was later revealed that the personal data of a "significant number" of its 6.2 million customers and former members had been stolen.

This included details such as names, contact information, and dates of birth.

Co-op assured customers that passwords, credit card details, and transaction information were not compromised.

The company has since said that it has taken "proactive measures" to fight off the hackers and that the incident only had a "small impact" on operations.

Following Co-op, Harrods became the third retailer to experience a hacking attempt.

The luxury department store warned shoppers about "restricted internet access" due to the attempted breach, which caused difficulties for some customers trying to make payments.

What is a cyber attack?

A CYBER attack is any deliberate attempt to disrupt, damage, or gain unauthorised access to computer systems, networks, or digital devices.

These attacks can target individuals, businesses, or even governments, and their motives can range from financial gain to political disruption.

Cyber attacks can take many forms, employing various techniques to achieve their malicious goals.

Common types of cyber attacks include:

  • Malware: Malicious software designed to damage or gain control of a system. Examples include viruses, worms, ransomware, and spyware.
  • Phishing: Deceptive attempts to trick individuals into revealing sensitive information such as usernames, passwords, or credit card details, often through fake emails or websites.
  • Denial-of-Service (DoS) Attacks: Flooding a network or server with traffic to overwhelm its resources and make it unavailable to legitimate users.
  • SQL Injection: Exploiting vulnerabilities in website databases to gain unauthorised access to data.
  • Ransomware: Malware that encrypts a victim's data and demands a ransom for its release.
  • Social Engineering: Manipulating individuals into performing actions or divulging confidential information.
thesun
