In recent developments, British retailer Marks & Spencer is grappling with the repercussions of a cyberattack that struck almost two weeks ago, disrupting its ability to process online orders. The attack has coincided with a similar breach at luxury London department store Harrods, which recently confirmed it, too, had been targeted. This series of events has sparked increasing concerns in the retail sector, where fears are mounting that cybercriminals are strategically replicating attack methods to maximize disruption.
Reports are circulating that a hacking collective, known as Scattered Spider, may be responsible for the attack on Marks & Spencer, although this has not been officially verified. It remains uncertain if the recent attacks on Marks & Spencer, Harrods, and the Co-op, who also took precautionary IT measures in response to a hack, are connected. Currently, Marks & Spencer is the most noteworthy casualty among these recent incidents, with its chief executive, Stuart Machin, expressing regret to customers over the disturbance caused. “We are working day and night to manage the current cyber incident and get things back to normal for you as quickly as possible,” he stated.
The cyberattack first came to light over the Easter weekend, and Marks & Spencer’s operations have been significantly impacted since. Initially experiencing issues with contactless payments and click-and-collect orders, the retailer has since restored its contactless services. However, last Friday, the company announced it would halt orders via its website and app until the situation is resolved. Moreover, the retailer has had to withdraw job listings from its website, thus hindering new hirings among its approximately 65,000 employees. London’s Metropolitan Police has commenced an investigation into this cyber incident.
In the aftermath of these developments, Harrods has decided to limit internet access across its sites as a precautionary measure following an attempt to breach its systems. In a statement, Harrods assured customers that no immediate action was required from them but committed to keeping them informed as necessary. This situation, compounded by recent breaches at Co-op and Marks & Spencer, underscores a troubling trend, according to Cody Barrow, the CEO of cybersecurity firm EclecticIQ. He noted that the spate of attacks indicates that cybercriminals are becoming increasingly audacious, taking advantage of vulnerabilities in complex, interconnected supply chains.
Experts are emphasizing that advances in generative artificial intelligence are heightening these threats, prompting a call for both businesses and individuals to remain vigilant and enhance their defenses against potential cyber intrusions. The U.K. National Cyber Security Centre is actively collaborating with affected organizations and extending expert guidance to others within the industry. “These incidents should act as a wake-up call to all organizations,” remarked Richard Horne, CEO of the agency.