Marks and Spencer (MKS.L) stated on Tuesday that a cyber attack compromised some personal customer information. This attack has crippled their online operations for over three weeks.
M&S, a prominent British retailer, halted online orders on April 25. Since the Easter weekend, when order problems began, their share price has dropped 15%.
The retailer is widely believed to be the victim of a ransomware attack. In this type of attack, criminals infiltrate systems, encrypt them, and demand payment for restoration.
M&S confirmed that some customer details were taken. They attributed this to the “sophisticated nature” of the incident and pledged to inform affected customers.
M&S clarified, “Importantly, the data does not include useable payment or card details, which we do not hold on our systems, and it does not include any account passwords.” The company also said, “There is no evidence that this data has been shared.”
The company advised customers that there was “no need to take any action.” They added that they are working to restore normal operations. They have taken steps to protect their systems, and are collaborating with cybersecurity experts, law enforcement, and government agencies.
M&S has not yet quantified the financial impact. However, it is growing daily because they are missing sales of new season ranges during warm weather. Online sales account for about one-third of their clothing and home sales.
Deutsche Bank analysts estimated earlier this month that the profit hit would be at least 30 million pounds. They also estimated a weekly run rate of about 15 million pounds.
The analysts said cyber insurance would likely cover most of the impact. But they added that “cover is generally provided for a limited amount of time.”
Click here for more Technology news.