The chairman of U.K. retail giant Marks & Spencer declined to disclose to a panel of lawmakers whether the company paid a ransom to a hacking group following a cyberattack earlier this year. Reports Technology News
“We’ve said that we are not discussing any of the details of our interaction with the threat actor,” said chairman Archie Norman, referring to the ransom payment. “We don’t think it’s in the public interest to go into that subject partly because it is a matter of law enforcement.”
Norman stated that “nobody” at Marks & Spencer had direct contact with the cybercriminals behind the ransomware attack, which he attributed to the group known as DragonForce.
In May, the retailer revealed that hackers had stolen an unspecified amount of customer data, including names, dates of birth, home and email addresses, phone numbers, household details, and online order histories. The breach also caused significant operational disruption, leaving shelves empty and preventing customers from placing online orders for weeks.
Speaking to lawmakers, Norman said recovery efforts are ongoing and are expected to continue through October or November.
