By Sze Wing Ng
Recently, big supermarkets such as M&S and Co-op and even Harrods have been hacked with personal data of M&S customers, having been stolen by the hackers with a malicious software called ransomware. Shelves now seem empty after the cyber attack. According to the BBC, the attack occurred in April when customers reported problems with the ‘Click & Collect’ services and contactless payments in stores. The supermarket then confirmed it was a cyber attack, and has since been trying to recover the system. According to Bank of America Global Research by the BBC, this has caused M&S £43 million a week in lost sales. Co-op was also hit with a similar attack, but had less damage compared to M&S.
Co-op states that they are in the recovering phase, and their supplies to stores will return to normal soon, seemingly having more progress compared to M&S. It is said by techRepublic that they took their computer services offline before they were infected, which meant that it never had a chance to encrypt the systems. Therefore Co-op believes that their customer’s passwords, bank or credit card details were not accessed or exposed. According to the BBC, The cyber-attack has caused millions of pounds of lost sales for M&S, and left it struggling to get services back to normal, with online orders paused for more than three weeks since the 25st of April. The BBC states that supermarkets had to shut down some of its IT systems due to the attack, and the attack has caused payment problems, widespread shortages of goods in shops, and customer and staff data was compromised.
The attack has not only affected their online services, but systems in stores as well. Staff have to check the freezer regularly, as the defrost alarm is not working. Their ‘Sparks’ app cannot process awards, and some stores only have cash payment available. They have to lock out online staff and tell agency depot workers to stay at home. M&S has said people do not need to take any action, but for extra security, users will be prompted to reset their password for their online account. According to The Guardian, the retailer has stated that “importantly, the data does not include usable payment or card details, which we do not hold on our systems, and it does not include any account passwords. There is no evidence that this data has been shared.”
Hackers who are involved in the cyber attack have spoken out to the BBC, saying they have used a cybercrime service known as DragonForce, and stating “Co-op’s network never ever suffered ransomware. They yanked their own plug – tanking sales, burning logistics, and torching shareholder value.” According to the BBC, the hackers still stole a large amount of customer data and were planning to infect the company with ransomware. We will have to see how M&S and Co-op recover from this major cyber attack and improve their online security to not let this happen again.