Displaying items by tag: cybersecurity

Marks & Spencer has confirmed that a major cyber attack will cost the company around £300 million, following significant disruption to its operations. The breach, traced to third-party access caused by 'human error’, has impacted contactless payments, online orders, and in-store stock availability. Almost a month on, M&S is still unable to process online orders in its fashion, home, and beauty departments - losing an estimated £3.5 million per day in sales. Chief executive Stuart Machin stressed that the company had not underinvested in security, noting that other retailers such as Harrods and the Co-op have also faced similar attacks. The breach has also resulted in customer data theft, though no payment details or passwords were compromised. The Government has called the recent wave of cyber attacks a 'wake-up call' for UK industry, warning of the need for greater resilience amid growing digital threats.

The National Cyber Security Centre (NCSC) has issued a warning following recent cyber attacks targeting major retailers including Marks & Spencer, Co-op, and Harrods. Criminal hackers have reportedly impersonated IT help desks to infiltrate company systems, a tactic known as social engineering. The NCSC urges organisations to review their password reset procedures and authentication processes, especially for senior staff with high-level access. Cybersecurity experts advise using multi-layered verification methods, including codewords, to prevent breaches. Although an anonymous group claiming responsibility, calling themselves DragonForce, denies links to the notorious Scattered Spider hacking collective, the methods used are strikingly similar. These hackers have previously carried out high-profile attacks, including on Las Vegas casinos. The NCSC emphasises vigilance against risky logins and unusual account activity. Law enforcement is investigating, with ongoing efforts to confirm links between recent attacks. The Co-op has admitted customer data was compromised, while M\&S’s breach is under investigation. Businesses are reminded to bolster security, as this wave of attacks highlights the evolving threat landscape in today’s digital world.

The Government’s secret demand to access Apple customers’ encrypted data has drawn sharp criticism from the US intelligence community. Tulsi Gabbard, the US director of national intelligence, revealed she was not informed about this move and is now investigating whether it violates US citizens’ privacy rights. The request would force Apple to break its encryption, something the company has refused to do. In response, Apple removed its highest-level security tool, Advanced Data Protection, from UK devices last week. This means UK customers' data remains encrypted but accessible to Apple if served with a legal warrant. The USA is now reviewing the UK’s actions, with concerns over whether it breaches agreements between the two nations on protecting citizens' private data. The Government has so far declined to comment on the matter.