The cybersecurity incidents involving multiple retailers from the United Kingdom should be considered a wake-up call to all organizations, the National Cyber Security Centre (NCSC) says in a statement.
Over the past few weeks, several British retailers have been attacked by hackers. Marks & Spencer was the first one to come forward, stating that it had been managing a “cybersecurity incident.”
The incident impacted the company’s contactless payment system and caused its in-store pickup purchases to go offline. Stores remained open, and Marks & Spencer’s website and app continued to operate as normal.
A few days later, London-based luxury department store Harrods publicly disclosed that it had been dealing with a cyberattack as well. “Our seasoned IT security team immediately took proactive steps to keep systems safe, and as a result, we have restricted internet access at our sites today,” Harrods said in a statement.
Around the same time, British supermarket chain Co-op confirmed to the London Stock Exchange that it had sustained “malicious attempts” by hackers to access its systems. “We have implemented measures to ensure that we prevent unauthorized access to our systems whilst minimizing disruption for our members, customers, colleagues and partners,” the company stated.
However, forensic investigations showed that the attackers were able to access and extract data from one of the company’s systems, relating to “a significant number” of current and former customers.
The NCSC has been working with all three affected organizations. The British cybersecurity agency is warning other businesses to be careful and take cybersecurity more seriously.
“The disruption caused by the recent incidents impacting the retail sector are naturally a cause for concern to those businesses affected, their customers and the public. These incidents should act as a wake-up call to all organizations,” Dr. Richard Horne, CEO of the NCSC, says in a press release.
He urges leaders to follow the advice on the NCSC website to ensure they have appropriate measures in place to help prevent attacks and respond effectively.
The BBC was the first news outlet to report that a ransomware group called DragonForce was responsible for the attacks on the retailers. The operation is known for its double extortion tactics, meaning they exfiltrate their victims’ data and threaten to publish it if a hefty ransom demand isn’t paid.
Your email address will not be published. Required fields are markedmarked