Cyberattacks Shock UK Retailers: M&S Hits £700M Loss in Days

LONDON: Several major retailers in the UK have faced significant setbacks due to recent cyberattacks, with Marks & Spencer (M&S) suffering a loss of £700 million in market value within a week and still unable to fulfill online orders.

Entering their second week of disrupted online orders, M&S experienced a major cyber incident last week, while the Co-op Group disclosed that hackers had compromised customer data.

Since the hacking incident was disclosed, M&S has seen a £700 million ($930 million) drop in its stock market valuation. The recent troubles faced by the Co-op and Harrods, a London department store, prompted the UK’s National Cyber Security Centre (NCSC) to label these incidents a “wake-up call.”

In recent years, British companies, public institutions, and organizations have been under a barrage of cyberattacks that have cost them millions and often led to months of operational disruptions.

M&S, a well-established name in British retail for 141 years, halted clothing and home goods orders via its website and app starting April 25, following issues with contactless payment and click-and-collect services over the Easter bank holiday weekend.

The Co-op initially announced a cyberattack on Wednesday but revealed on Friday that sensitive information related to many current and former members—such as names, contact information, and dates of birth—had been compromised.

Ciaran Martin, the former CEO of the NCSC, told Reuters that currently, there’s no indication that the attacks on M&S, the Co-op, and Harrods are interconnected, suggesting that the latter two incidents might have been uncovered due to increased alertness following M&S’s breach.

“If this can happen to M&S, it could happen to anyone,” he remarked, emphasizing that recovery from such a significant attack often takes a considerable amount of time.

On Friday, M&S CEO Stuart Machin issued another apology to customers but did not provide a timeline for restoring online ordering.

“We are working tirelessly to manage the current cyber incident and aim to return to normal operations for you as swiftly as possible,” he communicated in an email to M&S customers.

With M&S operating approximately 1,000 stores in the UK and generating about one-third of its clothing and home sales online, analysts predict a temporary decline in profits is unavoidable.

While M&S has refrained from disclosing the financial impact, it continues to grow as they miss sales opportunities for new seasonal collections amid a record-breaking hot May in the UK.

Last year, commuters faced nearly three months of account lockouts following a cyberattack on London’s transport authority, TfL. Another assault on a blood testing processing company in London also disrupted services for over three months.

Some food items have been affected in specific M&S locations, and broader disruptions appear to be impacting the company, which has removed job postings from its website.

M&S shares closed down by 1%, bringing their losses since Easter to about 9%.

‘Increasingly Sophisticated’ Attacks

Helen Dickinson, CEO of the British Retail Consortium, noted that cyberattacks are becoming “more advanced,” compelling retailers to invest hundreds of millions annually in cybersecurity measures.

“All retailers are constantly updating their systems to ensure maximum security,” she added.

According to technology site BleepingComputer, a ransomware attack believed to have been executed by a hacking group called “Scattered Spider” targeted M&S’s servers.

The NCSC is collaborating with the affected retailers, while the Metropolitan Police’s Cyber Crime Unit and the National Crime Agency (NCA) are probing the M&S incident.

“These incidents should serve as a wake-up call for all organizations,” stated NCSC head Richard Horne.

Labour MP Matt Western, who chairs Parliament’s Joint Committee on the National Security Strategy, expressed that the government needs to take stronger measures to prevent large-scale cyberattacks.

“As the government wraps up its consultation on strategies to combat ransomware, I hope its response addresses these threats with the seriousness they warrant.”