Marks and Spencer, a well-known British retailer, announced on Tuesday that personal customer information has been compromised due to a cyber attack that has severely disrupted its online operations for over three weeks.
The company, a staple in the UK market, ceased processing online orders on April 25th, experiencing a 15% drop in stock value since Easter weekend when initial issues arose.
Many retailers, with 1,000 stores still operating, have reportedly fallen victim to ransomware attacks. In these cases, hackers penetrate corporate systems, encrypt data, and demand payments for access.
M&S attributed the issue to the “sophisticated nature” of the attack, acknowledging that customer details were stolen and promising to notify affected individuals.
The retailer clarified, “Importantly, the data does not include any payment or card details, which are not stored in our system, nor does it include account passwords. There is no evidence of this data being shared.”
Customers have been advised that no immediate action is necessary, and the company is working to restore normal operations. They have taken precautions to secure their information systems, collaborating with cybersecurity experts and law enforcement.
M&S has not provided an estimate of the financial repercussions, but these are expected to escalate as the UK market misses out on new seasonal sales amid warm May weather. Online sales represent about one-third of their clothing and home revenue.
Analysts from Deutsche Bank earlier this month assessed that profits could be down by at least £30 million, with ongoing losses around £15 million weekly.
They indicated that cyber insurance might cover most of the financial fallout, though such coverage is usually limited in duration.
