13 hours ago
Retail lobby group accused of M&S cyber cover-up
Britain's biggest retail lobby group has been accused of a cover up after publishing 'made up' Marks & Spencer sales figures following a cyber attack on the retailer.
Shops were told last week that the British Retail Consortium (BRC) had been using out-of-date numbers for M&S while its systems were down, masking the true impact of the cyber attack on its sales.
The admission has provoked astonishment among members. One senior retail executive said the BRC had 'effectively said to industry that the data is completely made up'.
The inaccurate figures were included in the BRC-KPMG benchmark, which is seen as a crucial tool for high street stores to understand how they are performing against competitors.
Analysts and the Government also monitor the index to track the wider health of the retail sector.
The benchmark does not break out the individual performance of each retailer, but is compiled using sales figures submitted by shops for different categories including clothing, accessories and books.
The BRC said it had used out-of-date figures for M&S because it had not received any data from the company.
Rather than excluding M&S, the BRC used 'placeholder' numbers for weeks. These figures were based on figures from before the cyber attack, which forced the retailer to suspend online sales for months.
The practice only came to light after the BRC sent an email to members last week telling them they should be careful in using the data.
One senior retail executive said: 'It's one thing to take the number out. It's another to add one in and make it up.'
Fresh setback
Analysts said the distortion of the figures risked damaging trust in the benchmark.
Richard Lim, chief executive of Retail Economics, said: 'BRC members that participate in the scheme will be using it to inform their tactics and strategies all the way up to board level. There will be specific categories that potentially wouldn't have given a clear picture of underlying trade.'
The BRC argued that excluding M&S from the benchmark would have allowed competitors to work out crucial information about the retailer, such as market share.
Separate figures suggest M&S has suffered a significant hit to sales from the cyber attack, which saw its systems frozen and customer data stolen.
Kantar data found that clothing sales at M&S were down by a fifth in the four weeks to May 25 compared with the same period a year earlier.
Meanwhile, spending on food was nearly flat, with NIQ numbers showing spending in M&S's food halls rose by 0.8pc in the four weeks to May 17 compared with a year earlier
M&S has warned that the breach will wipe £300m from its profits after the attack reduced availability of food across its stores and stopped it from being able to accept online orders.
The retailer only resumed online orders earlier this month, more than six weeks after the attack began.
It has come as a major setback to bosses, who had been credited with steering a turnaround of the retailer before the attack. Stuart Machin, M&S's chief executive, saw his pay package jump almost 40pc last year to £7.1m amid a rise in performance-linked bonuses.
A spokesman for the BRC said: 'The BRC-KPMG Retail Sales Monitor is a leading indicator of retail sales activity in the UK used by businesses, analysts and the Government. All retail contributors submit their data on the basis that it remains strictly confidential and secure.
'We have tried and tested processes to ensure that no commercially sensitive information, including market share, can be deduced from changes to the data - particularly where a contributor is unable to submit for a period of time, or when contributors leave or join the benchmark.'
The BRC gets its funding from retailers, with members paying a fee based on their revenues. M&S is one of the largest retailers in the UK by revenues, making £13.8bn in sales in its last financial year.
