Marks & Spencer (M&S), a major player in the UK retail sector, confirmed on Tuesday that certain customer data was compromised during a recent cyberattack, leading to the suspension of online orders. In a communication to its customers, M&S explained that while personal data—including contact information and birth dates—might have been accessed, there was no indication that this information had been disseminated. Furthermore, the company reassured customers that no payment or card details, nor account passwords, had been affected.
With annual revenues exceeding 13 billion British pounds (approximately $17.2 billion) for the fiscal year ending March 2024, M&S has reported the breach to government and law enforcement authorities. This incident follows a wave of cybersecurity issues experienced by other prominent UK retailers. Harrods faced temporary disruptions towards the end of April, implementing measures to protect its online services, while Co-op experienced limited impacts from a cyberattack during the same period.
The frequency and severity of ransom attacks have grown, notably causing significant operational disruptions in various sectors including healthcare. For instance, a cyberattack in Britain last year forced hospitals to cancel over 800 scheduled operations and reschedule 700 outpatient appointments, affecting critical treatments such as 97 cancer therapies.
The identity of the attackers and any potential connections between recent incidents remain uncertain. Britain's National Cyber Security Center (NCSC) has confirmed its ongoing collaboration with the affected companies to investigate the scope of the attacks. Richard Horne, NCSC's chief executive, emphasized the urgency of improving cybersecurity measures, labeling these events as a critical wake-up call for organizations across various sectors.
As the investigation continues, M&S and other retailers are urged to bolster their cyber defenses to safeguard sensitive customer information and ensure uninterrupted service.
Jenny Gross is a reporter for The Times covering breaking news and other topics.
With annual revenues exceeding 13 billion British pounds (approximately $17.2 billion) for the fiscal year ending March 2024, M&S has reported the breach to government and law enforcement authorities. This incident follows a wave of cybersecurity issues experienced by other prominent UK retailers. Harrods faced temporary disruptions towards the end of April, implementing measures to protect its online services, while Co-op experienced limited impacts from a cyberattack during the same period.
The frequency and severity of ransom attacks have grown, notably causing significant operational disruptions in various sectors including healthcare. For instance, a cyberattack in Britain last year forced hospitals to cancel over 800 scheduled operations and reschedule 700 outpatient appointments, affecting critical treatments such as 97 cancer therapies.
The identity of the attackers and any potential connections between recent incidents remain uncertain. Britain's National Cyber Security Center (NCSC) has confirmed its ongoing collaboration with the affected companies to investigate the scope of the attacks. Richard Horne, NCSC's chief executive, emphasized the urgency of improving cybersecurity measures, labeling these events as a critical wake-up call for organizations across various sectors.
As the investigation continues, M&S and other retailers are urged to bolster their cyber defenses to safeguard sensitive customer information and ensure uninterrupted service.
Jenny Gross is a reporter for The Times covering breaking news and other topics.
