The chairman of U.Ok. retail big Marks & Spencer declined to inform a panel of lawmakers whether or not the corporate paid a hacking group following a ransomware assault earlier this 12 months.
“We’ve mentioned that we’re not discussing any of the small print of our interplay with the menace actor,” mentioned chairman Archie Norman, referring to the ransom cost. “We don’t assume it’s within the public curiosity to enter that topic partly as a result of it’s a matter of legislation enforcement.”
Norman mentioned that “no one” at Marks & Spencer interacted instantly with the cybercriminals, which he attributed to the ransomware gang DragonForce.
In Could, Marks & Spencer disclosed that hackers had stolen an unspecified quantity of buyer information, together with names, dates of beginning, house and electronic mail addresses, cellphone numbers, family data, and on-line order histories. The breach additionally disrupted operations for weeks, leaving cabinets empty, and clients unable to order on-line.
Norman advised lawmakers that the corporate remains to be coping with restoration efforts and can proceed to take action till October or November.