M&S boss says two big UK firms hit by unreported cyber-attacks | Retail industry

British businesses should have legally reported big cyber attacks, and Marx & Spencer’s boss proposed for claiming that two hackkin has not been reported in recent months.

As evidence of the impact of the major cyber attack on MPs, the retailer’s chair Archie Norman forced to close the online store for almost seven weeks.

He said that the lock online clothing distribution center in Castle Donington in Leicestershire is still offline: “Explain will not be an exaggeration. [the attack] Traumatically ”and gibi like an unhappy experience”.

Norman Parliament Economic Security, Weapons and Export Controls Business and Trade Sub -Committee M&S helped Hack to protect themselves about the British Cyber ​​Guard Dog – National Cyber ​​Security Center – other businesses and computer pirates.

He said that making such reports compulsory is a “very interesting idea, because“ numerous serious cyber attacks are never reported to NCSC ”.

“We have reason to believe that there are two major cyber attacks in large British companies that have not been notified in the last four months,” he said.

The claim comes after Deputy David Davis claimed that an anonymous British company in Parliament claimed that he had “recently paid a large amount to the blackmail”.

Norman said that M & S paid a ransom by saying that it was a “law enforcement issue, and that the enterprise did not discuss the details of the interaction with the threat actor”.

However, he said that any business paying a ransom may have to ask for what they will get in return. “In our case, it was greatly damaged,” he said.

The M&S attack, which began on April 17 and identified by M&S a few days later, included the deployment of ransom software. A Hack Collective, known as the scattered spider, is attacked.

Norman said that the attack was sophisticated, including a third -party contractor.

“M & S has media reports that leave the back door open. We did not.”

The group said that the year before the attack spent hundreds of millions of pounds to increase cyber security and increased the prevention team to 80.

“Anyone who is exposed to such a big cyber attack cannot say a thousand things you can do differently,” he said. However, he argued that it was almost impossible for an organization with many workers and contractor to stop a stable “threat player”.

M & S’s General Council Nick Folland told MPS to recommend that M & S will be sure that you can run your business on pen and paper, because this is what you have to do when you hit a serious attack.

All organizations should notify significant violations of personal data to the Information Commissioner Office, which is the British data protection observer within 72 hours.