M&S reveals customer data compromised in cyber attack

UK retail giant Marks & Spencer (M&S) has confirmed that the cyber attack it suffered in April led to customer data being compromised.

M&S is a UK-based retail giant that sells clothing, homewares, beauty products, food and more. It has over 1,000 stores across the UK and employs over 70,000 people worldwide.

In April, M&S was the first of three major retail giants, alongside Co-op and Harrods, to reveal that they were dealing with a cyber incident and quickly shut down several aspects of their operations to deal with the intrusion.

In the latest update on its website, M&S has now revealed that customer data was exfiltrated in the cyber incident.

“As we continue to manage the current cyber incident, we have written to customers to let them know that unfortunately the nature of the incident means some personal customer data has been taken,” said M&S.

Oddly, the retailer continues to tell its customers that no action is required, even though they should be watching for scams that use their personal details.

“Importantly, there is no evidence that this data has been shared and it does not include useable card or payment details, or account passwords, so there is no need for customers to take any action,” M&S said.

While a link to the current cyber incident is unconfirmed, one M&S customer said last month that a scammer contacted them claiming to be from M&S and quoted the last four digits of their credit card number as “verification”, which may suggest that some card information was leaked.

“Yesterday I received a NoCallerID who wanted to scam me using my name and last 4 digits of my credit card. I hung up and wasn’t scammed. However, I tried to return an online order to M&S and their staff said systems were down. Now there’s an admission of a cyber attack,” said the customer in a post on X.

“It transpires the card I paid M&S with is the one the scammers used against me. The scammer wanted access to my phone and wanted me to read a 6 digit code back to him. This would have given him access to all info on my phone. I hung up and called my bank myself. Be alert!”

M&S may have concluded that partial card information is not “useable”.

The retailer has, however, forced a password reset and provided guides on how to stay safe when on the web.

“To give customers extra peace of mind, they will be prompted to reset their password the next time they visit or log onto their M&S.com account on our website or app, and we have shared information on how to stay safe online,” said M&S.

The cyber attack on M&S, as well as Co-op and Harrods, was claimed by the DragonForce ransomware group earlier this month.

According to the BBC, all three incidents have been claimed by the DragonForce ransomware gang, and the claim is supported by evidence including traces of the gang’s malware. US cyber security firm SentinelOne has also attributed the incidents to DragonForce.

“The DragonForce ransomware group has been targeting UK retailers in a series of coordinated attacks causing major service disruptions,” said SentinelOne.

“Prominent retailers such as Harrods, Marks & Spencer, and the Co-op have all reported ongoing incidents affecting payment systems, inventory, payroll and other critical business functions.”

Additionally, the initial investigation by M&S, Microsoft, CrowdStrike and Fenix24 concluded that the threat actor Scattered Spider, a group believed to have ties to DragonForce and found to be using its ransomware, was behind the M&S incident.

This may suggest that DragonForce is behind the incident, or that Scattered Spider is part of DragonForce’s new “partner” program. The program resembles a ransomware-as-a-service (RaaS) affiliate scheme in that partners use DragonForce’s infrastructure, but differs in that each partner operates under its own branding and identity and runs its own operations.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.