
M&S CEO: Cyberattack Fallout Will Largely Be Over by August

Marks & Spencer CEO Stuart Machin told shareholders on Tuesday that the British retailer expects to be past the worst effects of a major cyberattack by August, as the company works to restore operations and rebuild consumer trust.

The April cyberattack dealt a serious blow to the company, causing a £300 million ($413 million) hit to profit. It forced M&S to shut down its online store for nearly seven weeks, disrupted stock automation systems, and led to empty shelves in stores during May.

Speaking at M&S’s annual shareholder meeting, Machin said: “I’m really hoping by August, the majority of this is behind us.” This marked the first opportunity for investors to question leadership directly about the incident and its aftermath.

Questions over preventability and accountability were front and center. When asked if the cyberattack could have been prevented, Chairman Archie Norman acknowledged that “there’s always something that could be done” and that M&S continues to examine the details of the breach. Machin added that the attack exploited a third-party contractor via a social engineering tactic.

The CEO defended M&S’s prior cyber readiness, noting that the company had quadrupled its investment in cybersecurity and tripled the size of its cybersecurity team in the year leading up to the breach. “I’m glad we invested then. I’m glad we continue to invest,” Machin said.

One shareholder raised concerns about executive accountability, questioning whether Machin’s £7.1 million pay package, which rose 39% last year, should be reduced in light of the incident. Norman responded that incentive pay was tied to shareholder outcomes and that it was too early to determine adjustments.

Currently, the M&S online store is still only partially operational, with full restoration expected within four weeks. Automation systems at the Donington logistics hub are also expected to be fully functional by August, according to Machin.

In the meantime, the company is focused on reinforcing internal training to defend against further attacks and to bolster awareness of social engineering vulnerabilities.

Leonardo Acquires 24.55% Stake in Finland’s SSH to Bolster Cybersecurity, Marking Progress in European Defence Integration

Italy’s defence giant Leonardo will acquire a 24.55% stake in Finnish cybersecurity firm SSH Communications Security, the companies announced Tuesday, marking a significant step in Europe’s efforts to deepen defence cooperation and consolidate its security industry.

With this deal, Leonardo becomes SSH’s largest shareholder, underscoring the growing importance of cybersecurity in multi-domain defence systems. Leonardo, known for its aerospace and defence platforms, views cyber capabilities as critical components of modern warfare, particularly as systems become increasingly interconnected.

SSH CEO Rami Raulas emphasized that the Western defence sector is shifting from national protectionism to international collaboration, noting Leonardo’s investment as part of a broader movement toward shared capabilities and joint ventures across borders. He also cited the BAE-Japan-Leonardo partnership for a next-generation combat jet as an example of this trend.

Raulas added that a growing European sentiment of “Europeans for Europe”—spurred in part by concerns over U.S. foreign policy under Donald Trump—is encouraging intra-European defence partnerships, reducing reliance on American investments.

Leonardo, which posted €18 billion ($21.2 billion) in revenue in 2024, expects its cybersecurity segment to achieve double-digit growth in the coming years. “Cybersecurity will increasingly be embedded into defence platforms and will become a core component of global security solutions,” said Giuseppe Panizzardi, Leonardo’s head of M&A, during a conference call.

The agreement involves €20 million worth of newly issued SSH shares purchased by Leonardo. Upon completion, Accendo Capital, previously SSH’s largest investor, will hold a 20.87% stake.

SSH is recognized for its quantum-safe encryption and Zero Trust architecture—an approach that assumes all users and devices could be threats unless verified. Leonardo said the deal supports the formation of a “Made in Europe” Zero Trust ecosystem, aligning with the EU’s ambitions for digital sovereignty and homegrown cybersecurity infrastructure.

US Judge Approves $177 Million Settlement in AT&T 2024 Data Breach Lawsuits

A U.S. judge granted preliminary approval on Friday to a $177 million settlement resolving class-action lawsuits against telecom giant AT&T over data breaches in 2024 that exposed personal information of tens of millions of customers. U.S. District Judge Ada Brown in Dallas ruled that the settlement was fair and reasonable.

The settlement addresses claims stemming from breaches announced by AT&T in May and July of last year. Depending on the breach, customers who suffered losses “fairly traceable” to the incidents can receive payments of up to $2,500 or $5,000. After direct loss claims are paid, remaining funds will be distributed to customers whose personal data was accessed.

AT&T denied responsibility for the criminal acts but agreed to the settlement to avoid prolonged and costly litigation. The company expects final approval by the end of 2025 and plans to begin issuing payments early next year.

One breach involved the illegal download of about 109 million customer accounts from AT&T’s Snowflake cloud platform, exposing six months of call and text logs from 2022 for nearly all its customers. In March 2024, AT&T revealed a related data set released on the dark web, affecting approximately 7.6 million current and 65.4 million former account holders, with data dating back to 2019 or earlier.

The Federal Communications Commission (FCC) is also investigating the incidents. Last September, AT&T agreed to pay $13 million to settle an FCC probe into a 2023 data breach involving a cloud vendor that affected 8.9 million wireless customers. The FCC said the exposed data covered customers from 2015 to 2017 and should have been deleted by 2017 or 2018.