The chairman of British retail giant Marks & Spencer refused to tell a panel of lawmakers earlier this year whether the company paid for the hacking group after the ransomware attack.
“We've said we haven't discussed the details of our interactions with threatening actors,” Chairman Archie Norman said, referring to ransom payments. “I don't think it's in the public interest to get into that subject, as it's a law enforcement issue.”
Norman said Marks & Spencer's “Nobody” had a direct conversation with cybercriminals.
In May, Marks & Spencer revealed that the hacker had stole unspecified customer data, including name, date of birth, home and email address, phone number, home information and online order history. The violation also disrupts the operation for several weeks, emptying the shelves and prevented customers from ordering online.
Norman told lawmakers that the company is still dealing with recovery efforts and will continue to do so until October or November.