M&S: FTSE 100 shares rise after major cyber attack update
Marks and Spencer’s (M&S) share price has risen as investors breathed a sigh of relief that hackers haven’t accessed ring-fenced bank details, although the cyber attack remains ongoing.
The FTSE 100 retail giant told markets this morning that some customer data was stolen during the attack, but that the data does not include useable payment details or account passwords.
Its share price rose 1.4 per cent in the immediate aftermath of the update. However, they are still significantly down on where they were before the cyber attack became public knowledge.
Investors have been anxiously awaiting updates on the cyber attack, which M&S first alerted markets to on 22 April.
“The revelations that customer details have been stolen is not surprising, given the deep nature of the breach, but it’s yet another setback for the company, which is trying to minimise damage to its reputation,” Susannah Streeter, head of money and markets, Hargreaves Lansdown, said.
“The saving grace is that the compromised data does not include usable card details or payment data and passwords have not been compromised.”
M&S said that there is no need for customers to take action, but that they will be asked to reset their password on the company’s website for peace of mind.
“The share price has risen in early trade in a beat of relief… But the update highlights that the cyber chaos is still without end, with the financial damage to the company piling up,” Streeter added.
The shares are down almost 18 per cent since the crisis unfolded during the Easter weekend.
‘No sign’ of when M&S will resume online orders
During the attack, M&S initially saw problems with its contactless payments and click and collect orders, then paused orders through its website and app.
Online orders have now been down for three weeks, with no information on when they might resume.
This is likely to affect fashion more than food sales, with M&S set to miss out on shoppers adding summer clothes to online baskets in the warm weather.
“M&S is one of the UK’s most loved retailers… the fact some personal data has been taken means M&S has a big mountain climb to win back shoppers’ trust,” AJ Bell analyst Russ Mould said.
“The big unknown is the hit to earnings from all the disruption and that information – once it comes – could have a major influence on the share price,” he added.
Streeter, however, said that a “bright spot” for M&S was the “swell of loyalty shown by customers”.
“Anecdotal evidence [suggests] that some shoppers have gone the extra mile and are shopping more in M&S stores in a show of support,” she said.
Stolen data ‘prime material’ for further attacks
Amid the chaos of three consective cyber attacks – at the Co-op, M&S and Harrods – cyber crime experts have told online shoppers to stay vigilant.
“Stay vigilant for phishing messages pretending to be from M&S or other companies you’ve dealt with.
“These attackers might use the leaked M&S information to craft very convincing scams,” Matt Hull, head of threat intelligence at global cyber security company NCC Group, said.
“Cyber criminals are also likely to sell this data on the dark web as well, putting customers at even more risk,” Hull added.
Max Vetter, VP of cyber at Immersive, added: “The stolen data is prime material for social engineering and phishing, especially in the hands of a group like Scattered Spider, who often play a long game.”