Marks & Spencer is to claim for up to £100million in losses as it grapples with a devastating cyber attack over Easter.
The retailer, which this week wrote to at least 18m customers to admit hackers had stolen personal data, has lost millions of pounds in sales after suspending online shopping nearly three weeks ago.
Labour MP Liam Byrne, chairman of the business select committee in Parliament, yesterday said the attack on M&S and other retailers including the Co-op and Harrods was of ‘huge concern’.
The Co-op said it was ‘taking steps to bring systems gradually back online in a safe and controlled manner’ as customers continue to be met with empty shelves after its stock system was thrown into disarray two weeks ago, adding that there would be improved stock availability at its 2,500 shops this weekend.
All forms of payment are now accepted after some shops could not take card payments.
Customers have also had data stolen by a shadow gang called DragonForce, which claims to be behind the attacks on M&S and Harrods too.
Cyber strike: M&S has lost millions of pounds in sales after suspending online shopping nearly three weeks ago
M&S last night would not comment on when shoppers can expect to see online shopping return.
And it cancelled an event which would have seen it showcase its food ranges to influencers next week.
Experts say the scale of the M&S attack means a ‘large chunk’ of the British population has been put on red alert that their data may have fallen into the hands of criminals.
But its cyber policy will cover it for losses of as much as £100million, according to the Financial Times. It is thought that insurer Allianz will pay at least £10million while cyber specialist Beazley is also on the hook.
M&S chief executive Stuart Machin said this week that ‘unfortunately, some personal customer information has been taken’ but this did not include any card or payment details or account passwords.
He insisted there is no suggestion hackers have shared the data and said ‘there is no need for customers to take any action’.
But the retailer told customers to be vigilant towards fraudsters, saying they may ‘receive emails, calls or texts claiming to be from M&S when they are not’.
Machin added: ‘Everyone at M&S is working around the clock to get things back to normal for customers.’ M&S did not explain why it had only told customers of the data breach after it announced it was hacked just after Easter.
Analysts estimate M&S has lost more than £70million of online business. Dan Coatsworth, analyst at AJ Bell, said: ‘M&S has a duty to inform customers as soon as possible if their personal information has been illegally accessed, so it’s worrying the retailer took so long to go public.’
DIY INVESTING PLATFORMS
AJ Bell
AJ Bell
Easy investing and ready-made portfolios
Hargreaves Lansdown
Hargreaves Lansdown
Free fund dealing and investment ideas
interactive investor
interactive investor
Flat-fee investing from £4.99 per month
InvestEngine
InvestEngine
Account and trading fee-free ETF investing
Trading 212
Trading 212
Free share dealing and no account fee
Affiliate links: If you take out a product This is Money may earn a commission. These deals are chosen by our editorial team, as we think they are worth highlighting. This does not affect our editorial independence.
