Scotland’s fortnightly political & current affairs magazine

by Sofia Villegas
02 May 2025
Explainer: M&S, Co-op, Harrods cyber-attacks


Three major British retailers, Marks & Spencer, Co-op and Harrods, have been hit by cyber-attacks in the span of two weeks.

What happened?

On 21 April, Marks & Spencer confirmed it was dealing with a cyber incident after customers reported issues making contactless payments and doing click and collect orders. Four days later, the retailer was forced to suspend online orders on its website and apps “as a precaution”.

It is now known the hit was a ransomware attack. In such an attack, criminals use malicious software to access a business’s computer systems and steal data, locking the systems and data away until a ransom is paid.

Two days ago, Co-op “pre-emptively” shut down parts of its IT systems following an attempted hack.

And on Thursday, Harrods became the latest retailer to be targeted by cybercriminals, forcing it to restrict internet access to its sites as a “proactive” step “to keep systems safe”.

What has been the impact?

M&S’s shares have dropped by around five per cent since the cyber incident took place, and it has lost millions of pounds in revenue, with online shopping making up about one-third of its clothing and home sales. 

It has also paused all recruitment, removing all job listings from its website.

Shelves are also empty in some stores, after the firm took some of its systems offline in response to the attack.

Co-op stores remain open, but the supermarket chain said some of its back office and call centre services were affected by the attempted breach. It has since instructed its 70,000 staff members to keep cameras on during remote meetings and not to record or transcribe Teams calls, in a bid to combat any potential hack.

Harrods has not revealed what the scale of the impact on its network was, and customers can still shop online, as well as at its Knightsbridge, H Beauty and airport stores. A Harrods spokesperson said: "We are not asking our customers to do anything differently at this point, and we will continue to provide updates as necessary."

Has customer data been stolen?

None of the retailers have said that customer data has been stolen.

Who is behind the attack?

It is not yet confirmed who orchestrated the attacks, but a group called Scattered Spider has been linked to the hit on M&S.

It is also unknown whether the three incidents are linked.  

What’s next?

The National Cyber Security Centre is working with the affected companies but warned UK firms that the incident “should act as a wake-up call” on the importance of having the “appropriate” measures in place to manage a cyber-attack.
