A significant cyberattack impacting a widely used payroll provider has potentially exposed the sensitive data of employees at major UK retailers, including Marks & Spencer (M&S) and Co-op. The incident originated with a third-party software supplier, Zellis, which handles payroll services for numerous large organizations.
The breach involved unauthorized access to employee information processed by the supplier. For companies like M&S and Co-op, this could mean a data breach affecting potentially thousands of their staff members, encompassing details such as names, addresses, bank account information, and salary figures.
Experts and analysts are estimating the potential financial fallout from this data security incident to be substantial. The combined costs for the impacted retailers, particularly M&S and Co-op given their scale, could reach as high as £440 million. This figure reflects not just the immediate costs of investigation and remediation but also the significant potential expense arising from compensation claims filed by affected employees whose personal data has been compromised. Organizations rely heavily on the security of their third-party providers, and this event starkly highlights the risks inherent in supply chain dependencies when it comes to protecting sensitive employee data. The full extent of the impact and the final financial cost will depend on the number of individuals affected and the outcome of any legal actions.
Source: https://securityaffairs.com/179225/cyber-crime/the-financial-impact-of-marks-spencer-and-co-op-cyberattacks-could-reach-440m.html
