We look at how to stay safe online after three big retail names are struck by cyber attacks
Some of the UK’s biggest retail name have been struck by a spate of recent cyber attacks stalling online shopping and putting personal data at risk.
Marks and Spencer, Co-op and Harrods have all fallen victim prompting the National Cyber Security Centre to warn this should be seen as a “wake-up call to all organisations”.
For those on the other side of the retail fence, it also raises concerns about personal cyber security and the risk of being hacked.
Keeping devices, data and your identity safe from hackers is key and an ongoing issue.
We take a look at some of the best approaches to protection and what to do if you are the victim of hacking.
How to stay secure online?
Hacking is a term to describe an attempt to gain unauthorised access to devices, data or online accounts enabling perpetrators to find and exploit personal and financial information.
To prevent this happening to you, the National Cyber Security Centre has seven top tips to ensure your devices, personal details and online are safe.
- Use strong, separate passwords for emails. Cyber criminals can use email accounts to access many personal accounts, leaving people vulnerable to identity theft. Using a password you don’t use for any other accounts, either at home or at work, is key.
- Install the latest software and app updates. Software and app updates include protection from viruses and other kinds of malware, and will often include improvements and new features.
- Turn on two-step verification (2SV). Turning on 2SV is one of the most effective ways to protect online accounts from cyber criminals. It adds an extra layer of protection to online accounts, with a second verification step such as a code sent to your phone or an authenticator app before logging in. Important accounts, such as email, banking, social media and online shopping, should have two-step verification.
- Use password managers. These are software applications or tools that can can help generate and store strong passwords securely. This means you can use unique, strong passwords for important accounts rather than using the same password for all of them.
- Back up data. Safeguard your most important data, such as your photos and key documents, by backing them up to an external hard drive or a cloud-based storage system.
- Three random words. Use three random words to create a password that is difficult to crack. The longer and more unusual your password is, the harder it is for a cyber criminal to crack.
What should you do if hacked?
If you think you have been hacked and you can no longer access an account or you have noticed unusual activity, then it’s important to act quickly.
There are a number of steps you should take to limit the damage and protect your details and accounts and those of your contacts, according to the NCSC.
- Contact your account provider. Go to the account provider’s website and search their help or support pages where it should explain the account recovery process.
- Check you email account. Check email filters and forwarding rules. Cyber criminals sometimes set up a forwarding rule to automatically receive a copy of all emails sent to your account, allowing them to reset your passwords.
- Change passwords. Immediately change the password for the hacked account and any accounts where you use the same password.
- Log out of all devices and apps in your account. When you have changed your passwords, log out of the account on any devices and apps using the ‘settings’ menu or ‘privacy’ or ‘account’ options.
- Set up two-step verification. This means even if a criminal knows your password, they won’t be able to access your accounts.
- Update devices. Turn on ‘automatic updates’ on your device settings so you don’t have to remember to do it.
- Tell your contacts. Get in touch with friends or followers linked to the hacked account. Let them know you were hacked so they can protect their accounts.
- Check bank statements and online store accounts. A hacked email account can lead to hacks elsewhere. Look out for unauthorised purchases and check bank accounts for unusual transactions. Report any to your bank.
- Report hacking incidents. Report to Action Fraud or Police Scotland, if in Scotland.
What happened to M&S, Co-op and Harrods?
Marks and Spencer were the first to be hit by the spate of cyber attacks over the Easter weekend, creating problems with its ‘click and collect’ and contactless payments.
Since then, it has experienced issues with online orders, product availability and even recruitment.
Two weeks after the cyber attack, the retailer’s chief executive Stuart Machin said it was still “working day and night” to manage the incident and urged customers to shop in store this bank holiday weekend.
He posted on social media yesterday: “We are really sorry that we have not been able to offer you the service you expect from M&S over the last week.
“We are working day and night to manage the current cyber incident and get things back to normal for you as quickly as possible.
“Out teams are doing the very best they can, and are ready to welcome you into our stores – whether you are shopping for food or for fashion, home and beauty this bank holiday weekend.”
More than £650m has been wiped off the market value of M&S since the cyber-attack
The Metropolitan Police has confirmed officers from its cyber crime unit are investigating the incident.
Co-op was the next big retailer to come under attack from hackers, with part of its IT system shut off after an attempted hack.
A Co-op spokesperson said on Friday 2 May the firm was “continuing to experience sustained malicious attempts by hackers to access our systems”.
They added: “This is a highly complex situation, which we continue to investigate in conjunction with the NCSC and the NCA.
“We have implemented measures to ensure that we prevent unauthorised access to our systems while minimising disruption for our members, customers, colleagues and partners.
“As a result of ongoing forensic investigations, we now know that the hackers were able to access and extract data from one of our systems.
“The accessed data included information relating to a significant number of our current and past members.”
They said the data includes Co-op Group members’ personal data such as names and contact details but did not include members’ passwords, bank or credit card details, transactions or information relating to any members’ or customers’ products or services with the Co-op Group.
“Protecting the security of our members’ and customers’ data is a priority, and we are very sorry that this situation has arisen,” they said.
Luxury department store Harrods was the third victim after it said it had restricted internet access across its sites on Thursday as a precautionary measure, following an attempt to gain unauthorised access to its systems.
A store spokesperson said: “We recently experienced attempts to gain unauthorised access to some of our systems.
“Our seasoned IT security team immediately took proactive steps to keep systems safe, and as a result, we have restricted internet access at our sites today.
“Currently, all sites – including our Knightsbridge store, H beauty stores and airport stores – remain open to welcome customers.
“Customers can also continue to shop via harrods.com.”
The National Cyber Security Centre (NCSC) has confirmed it is working with the organisations affected.
NCSC chief executive Dr Richard Horne said: “The disruption caused by the recent incidents impacting the retail sector are naturally a cause for concern to those businesses affected, their customers and the public.
“The NCSC continues to work closely with organisations that have reported incidents to us to fully understand the nature of these attacks and to provide expert advice to the wider sector based on the threat picture.
“These incidents should act as a wake-up call to all organisations.
“I urge leaders to follow the advice on the NCSC website to ensure they have appropriate measures in place to help prevent attacks and respond and recover effectively”
