M&S to face disruption from massive cyber attack for another two months

Metro, 21-05-2025

Marks and Spencer has said the fallout from the cyber attack is expected to last until July.
M&S was targeted by hackers in April, which disrupted contactless payments and Click and Collect – just one of many major retailers that have been hacked recently.
The retailer then confirmed that customer data had been stolen, although it said no passwords or card details were accessed.
M&S and customers face further disruption from the attack, expected to last through to July.
Shoppers have faced empty shelves in M&S stores after the attack, while online orders were paused for weeks.
Its operating profits will be reduced by around £300 million due to the impact of the attack, M&S warned.
Experts said that attacks on iconic institutions are often not sophisticated.
Instead, hackers resort to tricks and bombard several companies in case one of them hits a vulnerability, cyber security expert Dr Ian Batten told Metro.
The M&S outage has been linked to a collective called Scattered Spider, which used a ransomware attack to breach its system.
Cyber criminals have also targeted Co-op, Harrods and the Ministry of Justice's Legal Aid Agency, leaving many users in uncertainty over who holds their details.
The latest to announce a cyber attack is the Tesco, Sainsbury's and Aldi supplier Peter Green Chilled.
Detectives from the National Crime Agency are investigating the string of attacks.
They are focusing on a group known as Scattered Spider, which is thought to include young, English-speaking teenagers, BBC News reports.
Paul Foster, the head of the NCA's national cyber crime unit, told the broadcaster in a documentary: 'We are looking at the group that is publicly known as Scattered Spider, but we've got a range of different hypotheses and we'll follow the evidence to get to the offenders.'

Related Articles

DragonForce and Scattered Spider: Inside the hacker groups linked to M&S cyberattack

The Independent

Marks & Spencer has finally reopened its online orders, months after a cyber attack which is set to cost the British high street retailer £300 million in profits this year.
This comes as a new hacking group has been connected with the incident, after it was revealed the DragonForce group sent M&S CEO Stuart Machin an email days after it faced a major cyberattack gloating about the hack and demanding ransom payment.
The email, seen and reported by the BBC, said: 'We have marched the ways from China all the way to the UK and have mercilessly raped your company and encrypted all the servers.'
DragonForce aren't the only group that have been connected with the attack on the retailer, as the Scattered Spider network had previously been named as the enactors of the social engineering attack.
According to Sergey Shyekevich, a researcher from cybersecurity company Checkpoint, more hacker groups are forming alliances on the dark web.
'Co-operation between two powerful groups is very interesting,' he says. 'It's one outcome we see on the dark web more and more, alliances between big groups.'
Here's all we know about the two hacker groups

What is DragonForce?
DragonForce is a hacker organisation that offers Ransomware to cyber-criminal affiliates for a 20 per cent cut of any ransoms collected. This means that for a fee, they lease out their malware through dark web marketplaces to cyber-criminals.
While the organisation originally started working in 2023, they've had a massive re-marketing of their business model in the past couple of months.
'In the last two months, they started to become very active in one of the biggest dark web forums,' says Sergey, who says they have marketed themselves as a 'Ransomware Cartel', cornering that market on the dark web in the past month.
'They started being more aggressive I think a few weeks before all the attacks in the UK,' he adds.
Researchers have claimed they operate out of Malaysia, with some disputing this and saying they are located in Russia.
As well as the M&S hack, DragonForce has been linked to the Co-op cyberattack.

What is Scattered Spider?
Scattered Spider is a community of hackers that targets huge organisations across different sectors using social engineering tactics.
'They're very good at social engineering of different types,' Sergey says, adding that in the past they have used SIM swapping and impersonated IT staff to trick people into letting them use their systems.
Believed to be a community of young adults across the US and UK, the group gained notoriety for their involvement in hacking and extorting two of the largest casino and gambling companies in the United States.
'They understand human nature and how big corporations work,' says Sergey. 'They're very successful.'
In 2023 they were linked to the hacking and extortion of Caesars Entertainment and MGM Resorts International, which led the former to pay a ransom of approximately £11 million ($15 million).
They were able to access a significant number of driver's licence numbers and possibly even Social Security numbers of the casino customers through the ransomware demand.
A 17-year-old hacker from the United Kingdom was arrested in connection with the hack and attempted ransom in July 2024.

How did the cyberattack happen?
M&S first disclosed they had experienced a cyberattack on 22 April, which had disrupted their online operations and even halted contactless payments.
Hundreds of agency workers at the company were told not to come into work as the retailer dealt with the fallout of the cyberattack.
Customer personal data – which could have included names, email addresses, postal addresses and dates of birth – was also taken by hackers in the attack.
M&S revealed last month that the attack was caused by 'human error', as Mr Machin said in an annual figures report in May that the hackers gained access to the company's IT systems through a third party.
He said at the time: 'We didn't leave the door open, this wasn't anything to do with under-investment. Everyone is vulnerable. For us, we were unlucky on this particular day through some human error.'
Responding to attacks on the retail sector, the NCSC put out advice to the industry and responded to speculation that the Scattered Spider group had used social engineering to target IT help desks and perform password and MFA (multi-factor authentication) resets.
'Criminal activity online – including, but not limited to, ransomware and data extortion – is rampant,' their blog post wrote. 'Attacks like this are becoming more and more common. And all organisations, of all sizes, need to be prepared.'
Deputy Director Paul Foster, head of the NCA's National Cyber Crime Unit, said: 'Specialist NCA cybercrime officers are working closely with law enforcement partners to investigate the recent cyber incidents affecting the retail sector. Identifying the criminals responsible and bringing them to justice is a top priority.
'We are considering the incidents individually, but have a range of hypotheses and are mindful they may be linked.
'The impact of these incidents has been significant and businesses will understandably be concerned. I'd encourage all organisations to follow advice on the NCSC's website to ensure they have effective cyber security measures in place to help prevent attacks.
'I'd also urge those that do unfortunately fall victim to an attack to engage with law enforcement as part of the reporting process. The NCA and policing will investigate covertly and discreetly, as well as support the recovery of systems and data.'

How much money has M&S lost?
The fallout from the cyberattack saw the company lose £650 million of value in a matter of days.
M&S said it expected to take an estimated £300 million hit to profits this year, as they predicted disruption to its online business to last into July.

What has M&S said in response?
As M&S reopened its online operations, they put out a statement which said: 'You can now place online orders with standard delivery to England, Scotland and Wales. Delivery to Northern Ireland will resume in the coming weeks.
'We will resume click and collect, next-day delivery, nominated-day delivery and international ordering in the coming weeks.'
