Unlock Editor’s Digest Lock for Free
FT editor Roula Khalaf will select your favorite stories in this weekly newsletter.
Marks and Spencer sought help from US FBI agencies after a sustained cyberattack, the chair of a UK retailer told the Parliamentary Selection Committee.
Archie Norman told the Cross-Party Business Committee on Tuesday that retail chains are “more muscular in the zone,” and that “we had a “swap exchange with the FBI,” which was very supportive.” The retailer has been working with the UK’s National Crime Agency and the National Cybersecurity Centre (NCSC) since the attack.
M&S Chair was giving evidence in the wake of a catastrophic cyberattack on retailers, which are expected to cost up to £300 million on operating profit this year. Norman faced a select committee alongside Co-op, another retailer recently ravaged by hackers, as part of a broader investigation into the impact of cyberattacks on various organizations.
Norman first publicly confirmed that M&S, a group of primarily Russian-speaking cybercriminals, was behind the attack, with retailers unable to sell clothes and furniture online for seven weeks. The group offers ransomware tools to other criminal gangs, including scattered spiders, which are also linked to M&S attacks.
“When this happens, we don’t know who the attacker is,” Norman told the committee. “They will never send you a signed scattered spider.”
Norman separately called on the government to require reporting on “major” cyberattacks.
Recommended
“It’s clear to us that so many cyberattacks will not be reported to the NCSC. There is reason to believe that two major cyberattacks have not been reported in the last four months.
“It’s not an exaggeration to describe (attack) as traumatic. We’re still in (the system) rebuild mode. For a while, I added that M&S is working to replace or rebuild some of these until October or November, but it doesn’t affect shoppers, but it doesn’t affect shoppers. “It’s like an in vitro experience.”
