M&S Hit by £300M Cyberattack, Shares Plummet
Marks & Spencer (M&S) has suffered a significant cyberattack in April, causing substantial disruption and an estimated £300 million ($408 million) loss to operating profit. The attack, one of several targeting UK businesses including the Co-op Group and Harrods, has left M&S shares down by over 15%.
The cyberattack on M&S began on April 17 and was detected two days later. It was carried out by hackers impersonating a third-party user, a method also employed in the Co-op Group's attack. M&S chairman referred to it as a 'sophisticated impersonation' and it resulted in the stepping down of the company's CTO, Rachel Higham.
M&S has not confirmed whether a ransom was paid, citing public interest concerns. The company is working with the National Crime Agency, the National Cyber Security Centre, and the FBI to investigate the attack. Four individuals allegedly linked to the cybercriminal group 'Scattered Spider' were arrested in connection with the incident.
A cybercrime gang called 'DragonForce' later claimed responsibility for the attack. M&S expects to receive substantial recovery from an insurance claim, with the process estimated to take up to 18 months.
The cyberattack on M&S has resulted in significant financial loss and operational disruption. The company is cooperating with law enforcement agencies to identify those responsible and is seeking recovery through insurance. The incident serves as a reminder of the growing threat of cybercrime to businesses.
