British retailer Marks & Spencer announced on Tuesday that a cyberattack last month resulted in the compromise of customer data, prompting the company to suspend online orders for several weeks. An email sent to customers revealed that while personal information such as contact details and birth dates might have been accessed, there was no evidence to suggest that this data had been disseminated. Importantly, no card information or account passwords were breached during the incident.
The company, which reported an annual revenue exceeding 13 billion British pounds (approximately $17.2 billion) for the fiscal year ending March 2024, took immediate action by notifying government authorities and law enforcement about the breach. This revelation coincides with a wave of cyberattacks targeting British retailers, as seen in the recent disruption at Harrods, which temporarily limited internet access for security reasons, and a cyber incident at Co-op that had a minor effect on their back office and call center operations.
The rise in frequency and severity of ransomware attacks poses a significant threat to various sectors, having previously affected hospitals that had to cancel numerous procedures. The National Cyber Security Center (NCSC) of Britain is currently investigating the nature of these breaches and is working alongside impacted companies to bolster security measures. Richard Horne, chief executive of the NCSC, emphasized that these incidents should serve as critical warnings for organizations to enhance their cybersecurity frameworks to avoid future attacks.
As of now, the identity of the attackers remains unclear, and no connections between the various retail incidents have been established. The affected companies continue to collaborate with the NCSC for further guidance.
