British Retailer Warns of “Aggressive” Hackers Targeting US Stores and Google

Google, a subsidiary of Alphabet, issued a warning on Wednesday, indicating that hackers responsible for disrupting UK retailers are now focused on similar companies in the U.S.

“U.S. retailers need to remain vigilant. These actors are offensive and innovative, particularly skilled at bypassing established security measures,” stated John Hultquist, an analyst in Google’s cybersecurity team, in an email sent Wednesday.

The culprits have identified themselves as part of a group known as “Scattered Spider,” which refers to a loosely connected network of highly skilled hackers operating at various levels.

Scattered Spider has been linked to a notably severe cyberattack on M&S, a prominent name in UK retail, which has been unable to conduct online business since April 25th. Hultquist mentioned that this group tends to fixate on one sector at a time and is expected to target retailers for an extended period.


Just a day prior to Google’s alert, M&S revealed that some customer data had been compromised, excluding payment information, card details, or account passwords. Sources indicate that the data may include names, addresses, and order history. M&S acknowledged that personal information was accessed due to the “sophisticated nature of the incident.”

“Today, we are informing customers that some of their personal data have been acquired due to the sophisticated nature of the incident,” the company stated.

Hackers from the Scattered Spider network have been linked to numerous damaging breaches on both sides of the Atlantic. In 2023, group-associated hackers made headlines for infiltrating casino operators MGM Resorts International and Caesars Entertainment.

Law enforcement agencies are struggling to manage the Scattered Spider hacking groups. This challenge is partly attributed to their fluid structure, uncooperative younger hackers, and the complexities faced by cybercrime victims.

Source: www.theguardian.com

Used Car Retailer Carvana Sees Potential Business Benefits from Trump’s Tariffs

Automakers are concerned that President Trump’s tariffs on imported vehicles and auto parts could soon drive up expenses and impact profits.

However, one company in the automotive sector sees tariffs as a potential benefit. Carvana, an online used car retailer known for its unusual “vending machine” towers for vehicles, is optimistic.

The tariffs, which include a 25% tax on automobiles produced in Mexico, Canada, Germany, and various other nations, are likely to drive up prices for new cars and trucks, pushing more consumers towards second-hand options. The administration announced on Monday that lowered tariffs on Chinese imports will not affect those on vehicles and auto parts.

“As car prices increase, Carvana finds itself in a relatively advantageous position as consumers seek more affordable and higher-quality vehicles,” stated Ernie Garcia, the founder and CEO of the company, in a recent interview. “We anticipate that this shift will lead more customers to second-hand cars and savings from online purchases.”

Trump asserts that the purpose of imposing tariffs is to encourage manufacturers to produce more goods and create jobs in the U.S., although he also suggests they will help address issues like illegal immigration and drug trafficking.

Automakers are preparing for the anticipated repercussions.

Recently, General Motors indicated that tariffs could elevate costs by $2.8 billion to $3.5 billion this year. Ford, which produces more vehicles domestically than GM, estimates a net cost of $1.5 billion due to tariffs. Toyota, importing many vehicles from Japan, predicted costs of $1.3 billion just for March and April.

Analysts warn that prices for certain imported vehicles might soar by as much as $10,000, and new vehicle sales could slow significantly this year.

Alan Hague from a consulting firm in Fort Lauderdale noted that Garcia’s perspective aligns with consumer behavior trends as retail dealers brace for changes.

“I believe we will see an increase in second-hand car sales due to tariffs, and more customers will flock to Carvana’s website as it remains their primary focus,” he remarked.

However, potential drawbacks exist. Should tariffs lead to a recession or significant price hikes in vehicles, both new and used car sales could decline. Currently, used cars at auctions average about $1,000 more than just two months prior.

Hague remarked that it may take a while for the full effects to manifest, as prices for most vehicles on dealer lots have not yet risen dramatically. The first set of imported models subjected to tariffs, enacted in early April, is just starting to arrive, with customs duties on engines, transmissions, and other parts coming into effect shortly after.

Regardless of the outcome, Carvana finds itself in a stronger financial position than in previous years.

In the wake of the Covid pandemic, which prompted a surge in online used car sales, Carvana became a favorite among investors, resulting in soaring stock prices. However, as demand began to wane, the company faced considerable losses while holding a large inventory of vehicles purchased at higher costs.

Simultaneously, rising interest rates followed Carvana’s acquisition of Adesa, a used car auction company, leaving analysts wary of the company’s survival due to the increased debt and losses. By February 2023, inventory levels had plunged.

Nonetheless, Garcia managed to renegotiate debts, lower costs, and streamline Carvana’s operations. Over several months, the company reduced its workforce, sold off inventory, and successfully turned Adesa into a cost-effective supplier for vehicles. Recently, the facility was established at 11 Adesa locations to repair and refurbish used vehicles.

These efforts have begun to pay off. Last week, Carvana announced record figures for the first quarter of the year. Profits reached $373 million, a significant increase from $49 million the previous year, selling 133,898 used cars—46% more than in the first quarter of 2024. The average gross profit per vehicle stood just below $7,000.

The company achieved this by maintaining a leaner inventory, reducing advertising spend, and employing around 4,000 fewer people than three years ago, effectively recovering much of the lost ground.

“From 2017 to 2021, our focus was on growth,” explained Garcia. “Over the past two years, we’ve unlocked efficiency, and that’s driving significant performance improvements.”

Garcia now aims for Carvana to sell between 500,000 and 3 million vehicles annually within the next five to ten years.

Many Wall Street analysts are regaining confidence in the company’s prospects, but a significant challenge remains. Finding skilled auto mechanics is quite difficult, and Carvana will require hundreds more to achieve its aim of refurbishing used cars for sale.

“Labor is a major bottleneck,” stated analyst Ronald George from City in a recent report.

Garcia expresses confidence in Carvana’s revamped business model and believes it will thrive, irrespective of shifts in U.S. trade policies.

“I think it demonstrates that customers are willing to buy cars online and that our online model delivers real value,” he concluded.

Source: www.nytimes.com

Harrods Becomes the Latest Retailer Targeted by Cyberattacks

A few days after Marks & Spencer and the Co-op were targeted, Harrods experienced a cyber attack.

The luxury retailer had to shut down several systems temporarily; however, all stores, including its website, Knightsbridge flagship, H Beauty, and Airport Outlet, remain operational. Retailers became aware of the cyber threats earlier this week.

In a statement, Harrods disclosed: “We have recently encountered attempts to gain unauthorized access to parts of our system. Our experienced IT security team swiftly took proactive measures to secure the system, which led to restricting internet access on our site today.”

The retailer stated that it has not requested any action from its customers, suggesting confidence that data has not been compromised. “We will provide updates as necessary.”

Reported first by Sky News, the Harrods incident unfolds as M&S grapples with challenges stemming from cyberattacks linked to widespread hacking.

M&S has had to pause orders for nearly a week, leading to a loss exceeding £650 million in stock market value. Additionally, the automated inventory system failure has resulted in empty store shelves, while the loyalty program and gift card transactions are suspended.

On Thursday, M&S announced it had halted the hiring of new employees.

The company removed all online job postings from its site while it addresses the fallout from the cyber attack that forced M&S to close its online store.

A note on M&S’s Jobs webpage states, “I’m sorry, but I can’t search or apply for a role right now. I’m working diligently to restore our services as soon as possible.”

Despite having over 200 job openings the previous week, the company, employing approximately 65,000 people across its stores and London headquarters, did not list any positions on Thursday.

A spokesperson stated: “While managing these cyber incidents, we are temporarily pausing some of our usual processes to ensure we can continue delivering the best M&S experience for our customers and employees.”

The Co-op also had to disable some internal systems and warned staff to be cautious with their cameras during online meetings after detecting hacking attempts. Stores and online services are still running normally.

Retailers may face similar methods used across various businesses, as many share the same systems as M&S and the Co-op.


It remains uncertain whether the cyberattacks affecting these three retailers are coordinated by the same group or carried out independently.

The National Cyber Security Centre (NCSC) is collaborating with M&S and the Co-op to understand the nature of both incidents and is looking into potential connections. The Metropolitan Police confirmed on Wednesday that cybercrime detectives, alongside teams from the National Crime Agency, are investigating the attack on M&S.

NCSC CEO Richard Horne remarked that the cyber incident should act as a wake-up call for all organizations, urging businesses to ensure they have adequate measures in place for prevention and effective response.

He added: “The NCSC is committed to closely supporting the organizations reporting these incidents to fully comprehend the nature of these attacks and offer expert advice to the wider industry based on the threat landscape.”

In recent years, retailers and their suppliers have faced multiple cyberattacks, including an incident affecting Morrisons due to a problem at high-tech supplier Blue Yonder last Christmas.

In 2023, WH Smith experienced a data breach where sensitive company data, including personal information of current and former employees, was accessed illegally. This occurred less than a year after a cyber incident on WH Smith’s Funky Pigeon website resulted in a week-long suspension of orders.

Source: www.theguardian.com

eBay to lay off 1,000 employees, online retailer says in letter to staff

eBay, an online retailer, has announced that it will cut around 1,000 roles, which is an estimated 9% of its current workforce. eBay CEO Jamie Iannone stated in a letter to employees, “While we are making progress in line with our strategy, our overall headcount and expenses are outpacing business growth.” He added, “To address this, we are implementing organizational changes to align and integrate certain teams to improve the end-to-end experience and better meet the needs of our customers around the world.”


In addition to the job cuts, the company plans to reduce the number of “in-term” contracts. Iannone added, “alternative workforce.” He also stated that company administrators would notify employees whose roles were “eliminated” and asked all eBay staff to work from home on Wednesday “to ensure space and privacy for conversations.” He added, “We recognize that these actions are not something we take lightly and they impact all eBayers. We must say goodbye to people who have made many important contributions to the eBay community and culture, and this is not an easy task.” Last February, eBay laid off 500 employees, 4% of its workforce worldwide, citing a slowdown in consumer spending for the boom in e-commerce spending during the pandemic.

The number of layoffs within Silicon Valley has accelerated recently, with some of the world’s most prominent technology companies instituting large-scale layoff programs in recent months. A memo sent by Google CEO Sundar Pichai earlier this month warned staff that more job cuts could occur this year as the company looks to increase investment in artificial intelligence. The company cut its workforce by 12,000 in early 2023. This comes after Mark Zuckerberg’s Meta revealed in March last year that the company plans to cut 10,000 jobs from a peak of 87,000 employees in 2022. This month, language learning app Duolingo also lost about 10% of its contract employees as part of the company’s move to increase its reliance on AI.

Amazon cut hundreds of jobs across its streaming platform Twitch and its film and TV studio division in the second week of January. In December, music streaming service Spotify announced plans to cut 17% of its workforce, which equates to about 1,500 fewer employees.

More than 13,000 people have been laid off at 72 companies so far this year, according to data from layoffs.fyi, which tracks job losses in the tech industry.

Source: www.theguardian.com