Dark Web News Analysis
The head of technology at the major UK retailer Marks & Spencer (M&S), Rachel Higham, has resigned from her position just months after the company was hit by a massive cyberattack over Easter. The attack, which led to the theft of personal data from millions of customers, is estimated to cost the business £300 million in lost profits this year. In the wake of the incident, the company’s operations director, Sacha Berendji, was appointed “chief recovery officer” and will now take over Higham’s responsibilities.
The attack forced M&S to halt all website and app orders, causing its food stocking systems to fall into chaos and leaving shelves empty. The retailer was unable to sell clothes and homeware online for nearly two months. The threat actor group responsible, a shadowy gang of cybercriminals calling themselves “Scattered Lapsus$ Hunters,” has also claimed responsibility for recent attacks on Jaguar Land Rover and other major retailers.
Key Insights
This high-profile incident and its aftermath provide several critical insights:
- The Devastating Business Impact of a Cyberattack: The estimated £300 million loss highlights that a cyberattack is not just an IT problem but a catastrophic business event. The disruption to M&S’s e-commerce and logistics operations for months on end resulted in massive financial losses and sent shoppers to competitors.
- Executive Fallout and Accountability: The resignation of the Chief Digital and Technology Officer is a clear consequence of the attack’s severity. This underscores the immense pressure and accountability placed on C-suite executives, particularly CISOs and CTOs, to prepare for and respond to major security failures.
- The Work of a Prolific and Coordinated Threat Actor: The attack has been attributed to “Scattered Lapsus$ Hunters,” a syndicate reportedly associated with the notorious Lapsus$ and Scattered Spider groups. These actors are known for their highly effective social engineering tactics and have been linked to a string of other high-profile breaches, including the massive Salesforce-Drift supply chain attack.
Strategic Recommendations
The M&S breach offers crucial lessons for all large enterprises, especially in the retail sector:
- Business Continuity Must Be Central to Incident Response: The massive financial loss was a direct result of operational disruption. Incident response plans must go beyond technical IT recovery and focus on business continuity—how to continue core business functions like selling products and managing logistics when primary systems are offline.
- Defend Against Sophisticated Social Engineering: The attributed threat actor specializes in social engineering. All organizations must invest heavily in continuous training for their employees, particularly IT and help desk staff, on how to recognize and resist sophisticated vishing (voice phishing) and impersonation attacks.
- Cyber Risk is a Board-Level Responsibility: The executive departure underscores that cybersecurity is a fundamental, board-level issue. Boards of directors must take an active role in understanding and governing cyber risk, ensuring that their CISO and CTO are adequately resourced and that the entire business is prepared to respond to a major incident.