The cyberattack that derailed Marks & Spencer Group Plc’s operation
ations for weeks was the result of a “sophisticated impersonation” of one of the retailer’s third-party users, according to Chairman Archie Norman.
The hackers entered M&S’s systems on April 17 and the company detected them two days later, Norman told
members of the UK Parliament’s business and trade committee Tue
sday. That triggered a “traumatic” period, with the cyber team getting barely any sleep as they grappled with the fallout, he said.
“It’s fair to say that everyone at M&S experienced it,” he said. “We’re still in the rebuilding mode and will be for some time to come
come,” although things will return to normal for customers by the end of this month, Norman added.
Read more: UK Companies Should Have to Disclose Major Cyberattacks, M&S Says
A cybercrime gang known as “DragonForce” claimed it carried
out the attack on M&S, which the retailer has estimated will deal a £
300 million ($408 million) blows to operating profit. Its shares are down over 15% since April 22, when M&S first announced it had b
een dealing with a cyberattack for several days.
See more beautiful photo albums Here >>>
Norman declined to say whether M&S had paid a ransom, saying it
was a matter for law enforcement and that M&S was working with the Natio
nal Crime Agency. “We don't think it's in the public interest to go into that subject,” he said.
The retailer has also been working with the UK's National Cyber
Security Center and other authorities, and have been in contact with the FBI
in the US, Norman said. “It’s understood that the FBI are more muscled up
in this zone — 60% of all cyberattacks reported happen in America anyway,” he said.
M&S expects to “receive some substantial recovery” from an
insurance claim, although Norman said the process could take 18 months.
The retailer was one o
f several businesses ta
targeted by cyberattacks in April, including the Co-op Group supermarket and luxury department store Harrods.