M&S Cyberattack Disrupts Orders and In-Store Services
Originally published at ssojet Image courtesy of BleepingComputer Marks & Spencer (M&S) has confirmed a cyberattack that has disrupted its operations, particularly affecting the Click and Collect service. The company announced the incident via a press release on the London Stock Exchange, indicating that they are collaborating with cybersecurity experts to manage and resolve the situation. The M&S statement specifies, "As soon as we became aware of the incident, it was necessary to make some minor, temporary changes to our store operations to protect customers and the business." The cyber incident has led to delays in the Click and Collect order system, with customers advised to wait for confirmation emails before picking up orders. While the M&S website and app remain operational, the incident has raised concerns regarding the potential theft of data, particularly if ransomware is involved. For further details, refer to the M&S statement here. Implications for the Retail Sector Image courtesy of City AM The M&S cyberattack has resulted in a notable decline of 10% in its stock value, reflecting the severity of the situation. The attack, which began over the Easter weekend, has forced M&S to suspend online orders and disrupted in-store operations, including contactless payments and gift card usage. Cybersecurity experts warn that customers of M&S may face increased risks of malicious activity, as attackers often exploit confusion following a breach. Robert Cottrill, technology director at ANS, stated, "In the aftermath of a cyber incident, we often see a spike in related malicious activity, as cyber criminals look to exploit the confusion." Ev Kontsevoy, CEO of Teleport, emphasized the unique risks associated with the interconnected systems in retail: "Retail IT infrastructure today consists of many interconnected services, which makes the infrastructure vulnerable." For additional insights, read more on the growing cyber risks for retailers here. Retail Cybersecurity Recommendations Image courtesy of Cybersecurity Ventures In the wake of the M&S incident, experts advocate for enhanced cybersecurity measures across the retail sector. Nathaniel Jones, VP of security and AI strategy at Darktrace, remarked on the cascading impact of such attacks, stating, "M&S taking systems offline suggests this is likely a ransomware-related incident." Implementing principles like "least privileged access" is critical in safeguarding retail systems, as emphasized by industry leaders. It is essential for retailers to prioritize cybersecurity and ensure robust defenses are in place to protect customer data from breaches. For businesses seeking to enhance their cybersecurity posture, exploring solutions like SSOJet's API-first platform can be beneficial. SSOJet offers secure Single Sign-On (SSO), Multi-Factor Authentication (MFA), and directory synchronization, which are crucial for protecting sensitive information and maintaining robust operational integrity. For a deeper understanding of effective cybersecurity measures, explore insights here. Customer Communication and Transparency M&S has communicated with customers regarding the cyber incident, assuring them that no card details were compromised and no action is required on their part. The company’s proactive communication strategy, praised by experts, is seen as a model for crisis management. Crisis management expert Dennis Martin noted, "Cybersecurity is no longer just an IT concern, but a core operational risk." This highlights the importance of integrating cybersecurity strategies into overall business operations. As organizations prepare for potential cyber threats, SSOJet provides a comprehensive approach to user management, enabling enterprises to implement secure SSO and authentication solutions tailored to their needs. For more information on enhancing your organization's security measures, consider SSOJet's offerings at SSOJet.
Originally published at ssojet
Image courtesy of BleepingComputer
Marks & Spencer (M&S) has confirmed a cyberattack that has disrupted its operations, particularly affecting the Click and Collect service. The company announced the incident via a press release on the London Stock Exchange, indicating that they are collaborating with cybersecurity experts to manage and resolve the situation. The M&S statement specifies, "As soon as we became aware of the incident, it was necessary to make some minor, temporary changes to our store operations to protect customers and the business."
The cyber incident has led to delays in the Click and Collect order system, with customers advised to wait for confirmation emails before picking up orders. While the M&S website and app remain operational, the incident has raised concerns regarding the potential theft of data, particularly if ransomware is involved.
For further details, refer to the M&S statement here.
Implications for the Retail Sector
Image courtesy of City AM
The M&S cyberattack has resulted in a notable decline of 10% in its stock value, reflecting the severity of the situation. The attack, which began over the Easter weekend, has forced M&S to suspend online orders and disrupted in-store operations, including contactless payments and gift card usage.
Cybersecurity experts warn that customers of M&S may face increased risks of malicious activity, as attackers often exploit confusion following a breach. Robert Cottrill, technology director at ANS, stated, "In the aftermath of a cyber incident, we often see a spike in related malicious activity, as cyber criminals look to exploit the confusion."
Ev Kontsevoy, CEO of Teleport, emphasized the unique risks associated with the interconnected systems in retail: "Retail IT infrastructure today consists of many interconnected services, which makes the infrastructure vulnerable."
For additional insights, read more on the growing cyber risks for retailers here.
Retail Cybersecurity Recommendations
Image courtesy of Cybersecurity Ventures
In the wake of the M&S incident, experts advocate for enhanced cybersecurity measures across the retail sector. Nathaniel Jones, VP of security and AI strategy at Darktrace, remarked on the cascading impact of such attacks, stating, "M&S taking systems offline suggests this is likely a ransomware-related incident."
Implementing principles like "least privileged access" is critical in safeguarding retail systems, as emphasized by industry leaders. It is essential for retailers to prioritize cybersecurity and ensure robust defenses are in place to protect customer data from breaches.
For businesses seeking to enhance their cybersecurity posture, exploring solutions like SSOJet's API-first platform can be beneficial. SSOJet offers secure Single Sign-On (SSO), Multi-Factor Authentication (MFA), and directory synchronization, which are crucial for protecting sensitive information and maintaining robust operational integrity.
For a deeper understanding of effective cybersecurity measures, explore insights here.
Customer Communication and Transparency
M&S has communicated with customers regarding the cyber incident, assuring them that no card details were compromised and no action is required on their part. The company’s proactive communication strategy, praised by experts, is seen as a model for crisis management.
Crisis management expert Dennis Martin noted, "Cybersecurity is no longer just an IT concern, but a core operational risk." This highlights the importance of integrating cybersecurity strategies into overall business operations.
As organizations prepare for potential cyber threats, SSOJet provides a comprehensive approach to user management, enabling enterprises to implement secure SSO and authentication solutions tailored to their needs.
For more information on enhancing your organization's security measures, consider SSOJet's offerings at SSOJet.
