It’s the stuff that digital nightmares are made of. A successful cyberattack that included access to customer details forced a six-week shutdown of ecommerce and took over $400 million off the bottom line after a ransom note declared “Let’s get the party started.”
Little wonder then that Stuart Machin, the popular CEO of high-flying U.K. department store group Marks & Spencer, described himself as being in shock when the ransom note was sent directly to his inbox and to those of half a dozen of his senior executives.
There was little let-up for Marks & Spencer until June 10, when it was finally able to reopen its website to shoppers, a full six weeks after it was forced to halt online orders following the hugely damaging cyberattack. On its website, M&S simply welcomed customers back with the message that shoppers “can now place online orders with standard delivery to England, Scotland and Wales.” It also confirmed that deliveries to Northern Ireland would take several more weeks, as would the resumption of click and collect, next-day and nominated-day delivery and international ordering.
A $34 Million a Week Problem
It’s no wonder that M&S was trying to resolve the situation as fast as possible: it is estimated to have been losing around $34 million a week in online apparel and homewares sales after it stopped taking orders, within days of the infamous ‘threat actors’ collective DragonForce gaining access to its systems over the Easter weekend, in a follow-up to an earlier attack by a separate ransomware group, Scattered Spider.
Beyond the embarrassing reputational damage, once the dust finally settles the company expects the hack to cost it over $400 million in profits this year, although about half of that is expected to be offset by insurance and other measures. Particularly galling was the fact that M&S had posted some strong and positive results – only to be bitten in the etail by the hackers.
In the meantime, shoppers have been able to browse online, and to shop in M&S’s physical stores using cash or third-party cards, since the hack. However, in-store stocks of food and apparel have also been affected, meaning M&S has lost out on sales during what in the U.K. had been an unexpectedly warm, sunny spring. M&S has also conceded that some personal information relating to thousands of its customers, including their names, addresses, dates of birth and order histories, was taken during the cyberattack.
M&S Recovers Slowly
With the website back up and running, Machin said that he expects the retailer to recover “at pace,” in part by bringing forward planned investment in the company’s IT systems and website during the rebuild forced by the hackers. Machin has fast-tracked that investment after originally earmarking three years for the upgrade but now looking to complete the project within 18 months. “I went into shock. It’s in the pit of your stomach, the anxiety. But you have to think: ‘Stuart, you have to lead this, you have to keep a cool head,’” Machin told U.K. publication The Mail on Sunday. “I have learned everyone is vulnerable. The hackers only need to be lucky once.”
Chronicle of a Cyberattack
So, what actually happened? On April 23 the hacker group DragonForce sent an abuse-filled email in broken English directly to Machin, bragging about the attack and demanding a ransom payment. They had successfully infiltrated a London-based employee’s email account, apparently via an account linked to the Indian IT giant Tata Consultancy Services (TCS), which has provided IT services to M&S for over a decade.
“We have marched the ways (sic) from China all the way to the U.K. and have mercilessly raped your company and encrypted all the servers,” the hackers wrote in a message that also included a racist epithet. “The dragon wants to speak to you so please head over to [our darknet website].”
In addition to boasting about installing ransomware across the M&S IT system to render it useless, the hackers also claimed that they had stolen the private data of millions of the retailer’s customers and shared a darknet link to a portal created for DragonForce victims to begin negotiating the ransom fee. “Let’s get the party started. Message us, we will make this fast and easy for us,” the hackers said.
Cyberattacks on Both Sides of the Pond
The attack on M&S was not a lone-wolf operation. News of the attack on one of the U.K.’s biggest retailers first emerged days before cyberattacks were also reported by U.K. convenience store chain the Co-op and upscale London department store Harrods. Both retailers had to shut down parts of their IT systems as a result. Nor was the trend confined to the U.K.: once it crossed the Atlantic, the FBI got involved as retailers became easy pickings for sophisticated hackers determined to wreak havoc and extort money. Recently, sportswear brand Adidas and lingerie group Victoria’s Secret have also been targeted.
In May, Adidas warned that its customer data had been compromised and confirmed that the cybercriminals had accessed certain consumer data through a third-party customer service provider. Adidas insisted that no passwords or payment details had been taken by the attackers and that it was in the process of informing its customers. “We immediately took steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts,” the company said in a statement and added that the compromised data “mainly consists of contact information” relating to consumers who had contacted its customer service help desk in the past.
Meantime, the website for Victoria’s Secret was quietly taken offline after a prolonged “security incident.” Shoppers visiting the website during the several days of shutdown were met with a pink screen with the company’s statement rather than its usual selection of merchandise. The retailer had “identified” and was “taking steps to address a security incident,” according to a statement posted on its website. “We have taken down our website and some in-store services as a precaution.” At its first quarter earnings update on June 11, Victoria’s Secret CFO Scott Sekella conceded that the retailer expects to take a $10 million hit in its operating income as a result of the cyberattack.
Grocery retailer Ahold Delhaize USA was also targeted after hackers managed to log into an account at one of its U.S. retail locations, but the incident was “isolated and contained,” according to an internal Ahold Delhaize report cited by CNN.
Meantime, health food wholesaler UNFI, the primary food distributor for Whole Foods, had to take some of its systems offline after a cyberattack on June 5, which has led, anecdotally, to some empty shelves at the upscale grocer. In a regulatory filing, UNFI said it had become aware of an incident in its information technology systems that caused “temporary disruptions to the company’s business operations.”
A Sign of the Times
The recent spate of cyberattacks is worrying enough for the retailers impacted and has caused alarm across the industry, but the real question is what may be yet to come. Schwarz Digits CEO Rolf Schumann warned of cyberattacks at World Retail Congress in London in May, claiming that the future of retail is sovereign when it comes to data and that European data has never been more under attack. “What we see around the world is a loss of the rules, because we live in a rules-based world,” he said, pointing to countries such as Russia and North Korea as centers of ransomware and highlighting the risk to retailers and therefore to their relationships with their customers. “Look at the aggressiveness we face every day from the U.S. and China for our [Europe’s] data. How can we turn Europe into a data colony? Who owns the data owns the knowledge,” he said.
How darkly prescient those comments were. With seven retailers across the U.K. and the U.S. attacked within weeks of each other, the ransomware actors are becoming bolder and their attacks are becoming more frequent. In an increasingly dangerous and volatile world, cybersecurity is set to become a cornerstone of protecting privacy, service, and all-important consumer trust.