Last April, British retail giant Marks & Spencer was the victim of a large-scale cyberattack. The consequences were disastrous, with a significant delay in online orders and a huge data breach.
Consequently, according to the company, the incident caused it to lose around £300 million, which represents €355 million in France. Not to mention that some services will be impacted until July 2025.
A large-scale cyberattack
This story began over the Easter weekend, when customers were unable to collect Click & Collect orders. collect and were able to see significant delays. In addition, payment terminals were out of service and it was impossible to return items.
So, a few days later, the Marks & Spencer website decided to put a banner on its homepage to apologize for the inability to order online. And this should last until July, according to the company, which still estimates that 85% of items will be available for sale within a few weeks.
Nevertheless, this attack had serious consequences, particularly from a financial point of view. It must be said that every day, online sales represented 34% of total sales and generated on average 4.5 million euros daily.
An action targeted by a hostile group
This cyberattack appears to be closely linked to the hacker group Scattered Spider, according to the BBC, and which is better known under the name UNC3944. And this group became known by attacking the casinos and hotels of the American entertainment group MGM.
Regarding Mark & Spencer, the criminals allegedly used social engineering techniques using the codes of Tata Consultancy Services (TCS) employees. Then, they encrypted virtual machines on VMware ESXi hosts.
However, restoring the company's systems won't solve all the problems. On May 13, it announced that employees' personal data had been stolen, causing panic. But M&S reassured, adding: "This does not include usable card or payment details, or account passwords."
However, fate is against the company, as a Scottish law firm has already filed a class action lawsuit accusing it of failing to implement measures to secure its employees. And that's not all, because fines are likely to arise due to the loss of customer and employee data.
Nevertheless, the retail sector has recently been particularly targeted by Scattered Spider hackers. Indeed, shortly after this cyberattack, Co-op and luxury department stores Harrods announced, in turn, that they had been victims of this scourge.
0 Comments