Latest news with #ITsystem
Irish Times
28-05-2025
- Business
- Irish Times
Arts Council takes legal action against contractors in €6.7m IT project
The Arts Council has commenced legal proceedings against two contractors involved in the failed project to develop an IT system for the organisation which cost nearly €6.7 million, the Dáil Public Accounts Committee will be told this week. The council is to also inform the committee on Thursday that it is in the pre-action stage in relation to two others. 'We are vigorously pursuing our cases to reduce the loss to the taxpayer,' the council is expected to say. There was fury in Government in February when it emerged that the Arts Council had had to scrap plans for a business transformation programme aiming to bring together five existing systems, including those dealing with grants. READ MORE Minister for Arts Patrick O'Donovan said there were a number of governance failures within the Arts Council. [ Arts Council demands high standards of cultural organisations. It failed to meet them itself Opens in new window ] Minister for Public Expenditure Jack Chambers described the whole episode in a confidential memo to Cabinet as 'a massive waste of money'. The Public Accounts Committee is scheduled to hear from the Arts Council on the controversy on Thursday. Arts Council director Maureen Kennelly is expected to tell the committee that 'lack of internal expertise, poor performance by our contractors and also the impact of Covid-19, all contributed to the project failure'. 'We engaged external contractors to manage and deliver the work, as we did not have the internal resources to deliver this large-scale project. As we approached our expected delivery in September 2022, a year later than initially planned, multiple bugs were discovered. 'This substandard work meant the project could not move forward to completion. We ended contracts with both our testers and developers, changed the developers, project governance and management structure, and began work to rectify and complete the programme.' She is expected to say that 'following a review and attempted reworking, we were ultimately advised by new ICT consultants at the end of 2023, that the system was too flawed to rectify in a reasonable timeframe'. [ Documents prepared for Minister last summer revealed depth of botched Arts Council IT project Opens in new window ] 'System development then paused, and it stopped following a board decision, with the input of the Office of Government Chief Information Officer (OGCIO), in June 2024. The effect of this decision was an overall loss of value of €5.3 million, which was reported to the Comptroller and Auditor General and included in our 2023 annual report and accounts. 'Throughout, we provided information and discussed with our colleagues in the Department (of Arts) how increasing costs were to be funded from within our capital grant.' The Arts Council has said €6.675 million was spent on the endeavour, of which €1.2 million was spent on work that can be 'reused'. The project was paused in late 2023 and discontinued from June 2024. Arts Council chairwoman Maura McGrath is expected to tell the committee the IT project 'was not and is not an optional extra'. 'It began out of necessity, and it is a necessity that remains to be addressed. However, the expectation that small State bodies set up for specialist purposes should be expected to carry the load on complex IT projects should be questioned.'
The Guardian
21-05-2025
- Business
- The Guardian
The M&S cyber-attack is costly and embarrassing, but it should pull through
Shouldn't a robust IT system be able to withstand the odd 'human error', such as somebody at a third-party supplier being hoodwinked by devious cybercriminals? Isn't £300m at the expensive end for these events? And should it really take four-and-a-half weeks, and counting, for one of the UK's biggest and well-resourced retailers to restore its website to working order? The response of Marks & Spencer's chief executive, Stuart Machin, to such questions ran along these lines: the incident had nothing to do with underinvestment in IT; everyone is vulnerable; M&S was unlucky; the 'moment in time' will pass and everything will be back to normal by July at the latest. Sign up to Business Today Get set for the working day – we'll point you to all the business news and analysis you need every morning after newsletter promotion Too complacent? Marking his own homework? Well, before joining the chorus that says M&S should have been better prepared, one should probably say that assessing corporate responses to these cyber-attacks is impossible from the outside. M&S can't share the full details of what happened, just as nobody ever does. One suspects its reaction was better than most, but there isn't a league table to consult. We will have to wait to see what, if any, fine is dished out by the Information Commissioner's Office for breaches of customers' data. But Machin is probably on safe ground with his 'bump in the road' financial thesis. If the top-line hit of £300m can be whittled down to £150m-ish after the arm-wrestle with the insurers plus management of costs 'and other trading actions', one is looking at a number that, while large, is a long way from upsetting M&S's broader revival. This is a group that has just reported a 22% jump in underlying pre-tax profits to £876m, its best result in 17 years, and the balance sheet these days is a model of conservatism, showing year-end net cash of £438m ignoring lease liabilities. As long as the IT/cyber issues are contained and fixable, M&S can handle the financial blow. The website, which is where the crisis was concentrated (and still is), accounts for only a tenth of sales. Ensuring it comes back reliably, as opposed to prioritising absolute speed, sounds sensible. It is hard to know how customers will react, of course. Machin probably shouldn't place too much weight on the fact that many are telling him they're terribly supportive; the ones to worry about are the non-communicative sort. 'We are nervous that customers will have their long-term habits changed,' says Jonathan Pritchard at the broker Peel Hunt. It's a legitimate concern but, equally, it's entirely possible that customers take a sanguine view and carry on as before. Most of us, let's be honest, aren't making amateur IT appraisals when we shop. The show of corporate confidence – plus the forecast-beating pre-attack profit numbers – were enough to repair some of the damage to the share price. It rose 2.5% on Wednesday, meaning it's down a net 8% since the Easter cyber villainy. That reaction feels roughly right. This was a severe incident, it's embarrassing and it's not yet over. But if £150m is the ultimate one-off net cost to M&S – and, crucially, if there is no repetition – the roof has not fallen in.
Daily Mail
15-05-2025
- Daily Mail
It began with a single screen freezing – and ended with our £100m-a-year firm going bust. What it really feels like to be targeted by Russian hackers
It started with a simple glitch on a single computer. One of our office workers reported his screen had frozen. No one batted an eyelid. Why would they? Computer screens freeze all the time. It's sure to be nothing, right? But just a few hours later our entire IT system was down with not a single member of our 800-strong team able to log in to any of our software.
The Sun
14-05-2025
- Business
- The Sun
Major update as supermarket relaunches IT systems after cyber attack
A supermarket has issued a major update as it prepares to relaunch its IT system after a cyber attack. The Co-op is set to turn online orders back on from today in a boost to shoppers. 1 A spokesperson for the supermarket told The Sun: 'Following the malicious third-party cyber-attack, we took early and decisive action to restrict access to our systems in order to protect our Co-op. 'We are now in the recovery phase and are taking steps to bring our systems gradually back online in a safe and controlled manner.' They added that 'we have switched all our orders back to the normal supply processes and systems'. The move will see stock levels return to normal in the coming days after the retailer faced widespread shortages over the past few weeks. There will be more items available in Food stores and online from this weekend. The Co-op also confirmed that it is working closely with its suppliers to restock its stores. Shoppers have seen large gaps on Co-op shelves after the retailer was targeted by cyber criminals on April 30. Customers have complained of shortages of fresh produce, ready meals, yoghurts and confectionery. The attack also pushed contactless card payments offline in nearly one in ten stores, which forced customers to pay with cash or enter their PINs at the till. The Co-op has confirmed that all forms of payments including contactless, and chip and pin are now working across all of its stores. All iPhone and Android users must switch on two settings to stop bank-raiding attack – worrying sign means it's too late The news comes after the retailer was forced to close part of its IT system following the attempted cyber attack. This included restricting access to certain systems, impacting some back office functions and call centre services. A fortnight ago the Co-op confirmed that some customers have had their private data stolen in the cyber attacks. Personal details such as names, contact information and dates of birth of a 'significant number' of customers and past members were compromised, the chain said. What is a cyber attack? A CYBER attack is any deliberate attempt to disrupt, damage, or gain unauthorised access to computer systems, networks, or digital devices. These attacks can target individuals, businesses, or even governments, and their motives can range from financial gain to political disruption. Cyber attacks can take many forms, employing various techniques to achieve their malicious goals. Common types of cyber attacks include: Malware: Malicious software designed to damage or gain control of a system. Examples include viruses, worms, ransomware, and spyware. Phishing: Deceptive attempts to trick individuals into revealing sensitive information such as usernames, passwords, or credit card details, often through fake emails or websites. Denial-of-Service (DoS) Attacks: Flooding a network or server with traffic to overwhelm its resources and make it unavailable to legitimate users. SQL Injection: Exploiting vulnerabilities in website databases to gain unauthorised access to data. Ransomware: Malware that encrypts a victim's data and demands a ransom for its release. Social Engineering: Manipulating individuals into performing actions or divulging confidential information. But members' passwords, credit card details and transaction information were not stolen. Cyber criminals managed to extract the data from one of the shop's systems, forensic investigations revealed. The National Crime Agency and National Cyber Security Centre are investigating the breach. The true scale of the damage only became clear after hackers contacted the BBC with evidence they had stolen customer data. Customers were assured that the Co-op has implemented measures to 'minimise disruption'. In a statement the company said: 'We appreciate that our members have placed their trust in our Co-op when providing information to us. "Protecting the security of our members' and customers' data is a priority, and we are very sorry that this situation has arisen." What has happened at M&S? The Coop is not the only retailer to be hit by a cyber attack. M&S has been experiencing significant disruption after a cyber incident which has affected contactless payments, click-and-collect services and online orders. The problems started on April 19, when customers reported that they were unable to collect purchases or return items. On April 21 M&S acknowledged the attack and apologised for the inconvenience. It engaged cyber security experts and notified the National Cyber Security Centre and the Information Commissioner's Office. The criminals suspected behind the attack are known as 'Scattered Spider' and have become one of the most prolific cybergangs of the past 18 months. They specialise in ransomware - a type of attack that is designed to steal information or access in exchange for a sum of money. They have built a reputation for targeting large, customer-facing organisations through social engineering and identity-focused tactics. Jamie Akhtar, CEO and Co-founder at CyberSmart, told The Sun: "This is a group known not for sheer technical sophistication, but for their ability to manipulate access, often by impersonating employees or exploiting multi-factor authentication systems." Despite M&S's efforts to restore systems, disruption continued throughout the week. The retailer was forced to suspend online and app orders on April 24. As a result, the company's share price tumbled by 5%. Shoppers then began to report empty shelves in some stores as the cyber incident affected stock levels. Customers complained they were unable to get their hands on bananas, fish and Colin the Caterpillar cakes. When questioned, staff said the disruption was linked to the cyber attack. Yesterday Jane Wall, the head of customer service at M&S, contacted customers to let them know what the cyber attack means for them. She confirmed that some personal customer data has been taken but there is no evidence that it has been shared. This data could include contact details, date of birth and online order history. But she said it does not include usable card or payment details or account passwords. She warned customers that they may receive emails, calls or texts fraudulently claiming to be from M&S so customers must be vigilant. She added: 'We sincerely apologise for any inconvenience caused to you and all of your customers. 'Thank you so much for shopping with us and for your support, we never take it for granted.' Timeline of cyber attack Saturday, April 19: Initial reports emerge on social media of problems with contactless payments and click-and-collect services at M&S stores across the UK. Customers experience difficulties collecting online purchases and returning items due to system issues. Monday, April 21: Problems with contactless payments and click-and-collect persist. M&S officially acknowledges the "cyber incident" in a statement to the London Stock Exchange. CEO Stuart Machin apologises for the disruption and confirms "minor, temporary changes" to store operations. M&S notifies the National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO) and engages external cybersecurity experts. Tuesday, April 22: Disruptions continue. M&S takes further systems offline as part of "proactive management". Wednesday, April 23: Despite earlier claims of customer-facing systems returning to normal, M&S continues to adjust operations to maintain security. Contactless payments are initially restored, but other services, including click-and-collect, remain affected. Thursday, April 24: Contactless payments and click-and-collect services are still unavailable. Reports surface suggesting the attackers possibly gained access to data in February. Friday, April 25: M&S suspends all online and app orders in the UK and Ireland for clothing and food, although customers can still browse products. This decision leads to a 5% drop in M&S's share price. Monday, April 28: M&S is still unable to process online orders. Around 200 agency workers at the main distribution centre are told to stay home. Tuesday, April 29: Information suggests that the hacker group Scattered Spider is likely behind the attack. Shoppers spot empty shelves in selected stores.
