British companies, public bodies and institutions have been hit by a wave of cyber attacks in recent years, costing them tens of millions of pounds and often months of disruption
London: London department store Harrods said on Thursday hackers had attempted to break into its systems, the third high-profile cyber attack on a UK retailer in two weeks, following incidents at Marks & Spencer and the Co-op Group.
British companies, public bodies and institutions have been hit by a wave of cyber attacks in recent years, costing them tens of millions of pounds and often months of disruption.
“We recently experienced attempts to gain unauthorized access to some of our systems,” a statement from Harrods, owned by the Qatar Investment Authority, said.
“Our seasoned IT security team immediately took proactive steps to keep systems safe and as a result we have restricted internet access at our sites today.”
It said all its sites, including its flagship Knightsbridge store in London, H beauty stores and airport stores remained open and customers could also continue to shop online.
The Harrods and Co-op incidents appear to have had less of an impact than the attack on M&S, one of Britain’s best known retailers, which has paused taking clothing and home orders through its website and app for the last seven days.
The attack on M&S has come during a bout of warm weather in Britain, when retailers would normally report an increase in demand for summer clothing, fresh food and drinks. Availability of some food products has also been affected in some stores.
The National Cyber Security Centre (NCSC) is working with both M&S and the Co-op, while the Metropolitan Police’s Cyber Crime Unit and the National Crime Agency (NCA) is investigating the M&S attack.
Technology specialist site BleepingComputer, citing multiple sources, said a ransomware attack that encrypted M&S’s servers was believed to have been conducted by a hacking collective known as “Scattered Spider.”
M&S entered a second week unable to take online clothing and home orders on Friday following a major cyberattack, hitting sales of new season ranges as the country basks in record temperatures.
Some 700 million pounds ($930 million) has been wiped off the stock market value of M&S since the hack was revealed last week, and news that retailers Co-op Group and London department store Harrods had faced smaller incidents in recent days was described as a “wake up call” by the government’s National Cyber Security Centre (NCSC).
The 141-year-old M&S, one of the best known names in British business, stopped taking clothing and home orders through its website and app on April 25 following problems with contactless pay and click and collect services over the Easter holiday weekend.
With M&S, which has about 1,000 stores across Britain, making around one-third of its clothing and home sales online, analysts have said a short-term profit hit is inevitable.
M&S has declined to quantify the financial impact so far.
One of the most worrying aspects of the attack for M&S, say analysts, is how long it will drag on for.
Customers were locked out of their accounts for almost three months last year after a cyberattack at London transport operator TfL, while a cyberattack on a blood test processing company in London also last year disrupted services for over three months.
Availability of some food products has also been affected in some stores, while the disruption may be having a broader impact on the running of M&S, which has pulled job postings on its website.
Helen Dickinson, CEO of trade body the British Retail Consortium, said cyberattacks were becoming “increasingly sophisticated,” forcing retailers to spend hundreds of millions of pounds every year on defenses.
“All retailers are continually reviewing their systems to ensure they are as secure as possible,” she said.
The NCSC is working with the affected retailers, while the Metropolitan Police’s Cyber Crime Unit and the National Crime Agency (NCA) are investigating the M&S attack.
“These incidents should act as a wake-up call to all organizations,” said NCSC CEO Richard Horne.Labour lawmaker Matt Western, Chair of parliament’s Joint Committee on the National Security Strategy, said the government should do more to prevent major cyberattacks.
“As the Government concludes its consultation on proposals to counter ransomware, I hope its response treats these threats with the seriousness they clearly deserve,” he said.