M&S chief Stuart Machin has issued a new apology to customers over a cyberattack which the retailer has been battling “day and night” for nearly two weeks.
Since Machin first informed customers of the attack on 22 April, it has forced the retailer to halt online clothing and home deliveries and led to what it has called “pockets of limited availability in some stores” as it impacts depot computer systems.
In the retailer’s scramble to take systems offline, store staff have been sharing war stories of having to check freezer cabinet temperatures frequently in case the defrost alarms don’t work, as revealed by The Grocer earlier this week.
The attack has forced M&S to suspend contactless payment in stores along with its scan & shop service, and even rendered some stores cash-only. Its Sparks loyalty app – which has 18 million members – has been unable to process rewards for customers.
Online recruitment has also been suspended, with the M&S careers page unable to conduct searches of vacancies, despite the retailer having hundreds.
The attack has been linked to ‘Scattered Spider’, a hacking gang whose members include teenagers from the UK and US, with a history of demanding ransoms to unlock systems. The group is known for using ‘social engineering’ techniques, such as phoning staff while posing as IT support in order to gain passwords.
M&S has been working with cybersecurity experts from CrowdStrike, GCHQ’s National Cyber Security Centre, the Met Police and the National Crime Agency to regain control.
“We are really sorry that we’ve not been able to offer you the service you expect from M&S over the last week,” Machin wrote to customers today.
“We are working day and night to manage the current cyber incident and get things back to normal for you as quickly as possible.
“Thank you from me and everyone at M&S for all the support you have shown us. We do not take it for granted and we are incredibly grateful.
“Our teams are doing the very best they can, and are ready to welcome you into our stores – whether you are shopping for food or for fashion, home and beauty this bank holiday weekend.
“Thank you for your support and thank you for shopping with us. We will continue to keep you updated.”
Harrods yesterday became the latest retailer to be hit by a cyberattack, after the Co-op revealed it had also been targeted this week.
Harrods said: “We recently experienced attempts to gain unauthorised access to some of our systems. Our seasoned IT security team immediately took proactive steps to keep systems safe and as a result we have restricted internet access at our sites today.”
The Co-op has withdrawn staff access to several systems, having “recently experienced attempts to gain unauthorised access”, according to an internal memo. The retailer is reportedly requiring staff to turn on their cameras when joining remote meetings, so their identity can be verified.
Jonathan Lee, a director at cybersecurity firm Trend Micro, said hackers were targeting retailers “because of the large amounts of valuable personally identifiable data they process”.