Marks & Spencers faces class action lawsuit over cyber attack
British department store chain Marks & Spencer is facing a multimillion pound lawsuit following its cyber attack. The complaint specifically pertains to Scottish customers whose personal data was stolen during the incident.
Marks & Spencer confirmed that consumer data had been stolen in the cyber attack last week. However, it noted that there was no evidence of usable card details, payment information or customer passports among the data that was stolen.
Now, however, law firm Thompsons Solicitors has set about on a class action claim against the retailer after being inundated by Scottish Marks & Spencer consumers 'who have been caught up in this online heist'.
Speaking to The Sunday Mail, senior partner of the firm, Patrick McGuire, said: 'We have a situation here where one of the most famous retailers in the UK have allowed criminals to pillage the personal details of hundreds of thousands of Scottish customers.'
McGuire added that he believed this is the 'biggest data theft case' the firm has been involved in, with the team already seeing an influx of enquiries from customers whose details have been stolen.
Marks & Spencer was faced with the cyber incident late April, when, following reports from consumers of issues with its website, it said it was enacting 'proactive management' of the ordeal.
The retailer has since seen over 1.2 billion pounds shed off its market value, while CEO Stuart Machin is also said to be facing a 1.1 million pound pay reduction in its wake.
The attack was the first of what became many cyber incidents in the preceding weeks, with luxury department store Harrods and French brand Dior among the later targets.
FashionUnited has contacted Marks & Spencer with a request to comment.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Scottish Sun
an hour ago
- Scottish Sun
Terrifying message sent by ‘Chinese hackers' to M&S boss after crippling cyber attack on British retailer is revealed
The blackmail message is believed to have included a racist term RANSOM DEMAND Terrifying message sent by 'Chinese hackers' to M&S boss after crippling cyber attack on British retailer is revealed Click to share on X/Twitter (Opens in new window) Click to share on Facebook (Opens in new window) 'CHINESE hackers' allegedly sent a terrifying message to the boss of Marks & Spencer following a crippling cyber-attack on the British retailer. Fraudsters, believed to be from the hacking group DragonForce, are said to have emailed the company's chief executive Stuart Machin and seven other key executives. Sign up for Scottish Sun newsletter Sign up 2 High street retailer Marks & Spencer was hit by a cyber attack over the Easter holiday Credit: Alamy 2 M&S boss Stuart Machin, pictured, along with seven other company executives were emailed by the hackers, believed to be DragonForce Credit: PA The message, written in broken English, was sent on April 23, indicated that M&S was hacked by the ransomware group, although the retailer has not acknowledged this. 'We have marched the ways from China all the way to the UK and have mercilessly raped your company and encrypted all the servers,' the hackers wrote, according to the BBC. 'The dragon wants to speak to you so please head over to [our darknet website].' The link to the darknet shared in the email led to a portal for victims of DragonForce to negotiate a ransom fee. The hackers added: 'Let's get the party started. Message us, we will make this fast and easy for us.' DragonForce's attack during the Easter holiday has been hugely damaging for one of Britain's best-known retailer and is thought to have cost the firm an estimated £300million. After six weeks on from the attack, the retailer is still unable to process online orders. The email was sent to Mr Machin along with seven other top executives, according to the corporation. A racist term is also said to have been included in the blackmail message and also ended with an image of a fire-breathing dragon. Along with installing ransomware in order to cripple M&S's IT system the hackers are also believed to have stolen private data from millions of customers. The £3.50 M&S buy that'll make your whole house smell like a 'boujee candle' Three weeks on from the attack, M&S informed customers that contact details and dates of birth from some shoppers had been obtained by a suspected cyber cartel. M&S also admitted other personal details, including customers' order histories, had also been pilfered by online criminals. Bosses though have stressed that no data relating to shoppers' payment, card details or account passwords had been obtained. It is unclear how many customers have been affected by the data breach. According to the company's full-year results, it had 9.4million active online customers in the year up to March 30. The email apparently sent by DragonForce is thought to have bene sent using the account of an employee from IT company Tata Consultancy Services (TCS), which has provided IT services to the retailer for more than a decade. The Indian IT worker, who is based in London, had an M&S email address but is paid employee of TCS. Timeline of the attack Saturday, April 19: Initial reports emerge on social media of problems with contactless payments and click-and-collect services at M&S stores across the UK. Customers experience difficulties collecting online purchases and returning items due to system issues. Initial reports emerge on social media of problems with contactless payments and click-and-collect services at M&S stores across the UK. Customers experience difficulties collecting online purchases and returning items due to system issues. Monday, April 21: Problems with contactless payments and click-and-collect persist. M&S officially acknowledges the "cyber incident" in a statement to the London Stock Exchange. CEO Stuart Machin apologises for the disruption and confirms "minor, temporary changes" to store operations. M&S notifies the National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO) and engages external cybersecurity experts. Problems with contactless payments and click-and-collect persist. M&S officially acknowledges the "cyber incident" in a statement to the London Stock Exchange. CEO Stuart Machin apologises for the disruption and confirms "minor, temporary changes" to store operations. M&S notifies the National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO) and engages external cybersecurity experts. Tuesday, April 22: Disruptions continue. M&S takes further systems offline as part of "proactive management". Disruptions continue. M&S takes further systems offline as part of "proactive management". Wednesday, April 23: Despite earlier claims of customer-facing systems returning to normal, M&S continues to adjust operations to maintain security. Contactless payments are initially restored, but other services, including click-and-collect, remain affected. Despite earlier claims of customer-facing systems returning to normal, M&S continues to adjust operations to maintain security. Contactless payments are initially restored, but other services, including click-and-collect, remain affected. Thursday, April 24: Contactless payments and click-and-collect services are still unavailable. Reports surface suggesting the attackers possibly gained access to data in February. Contactless payments and click-and-collect services are still unavailable. Reports surface suggesting the attackers possibly gained access to data in February. Friday, April 25: M&S suspends all online and app orders in the UK and Ireland for clothing and food, although customers can still browse products. This decision leads to a 5% drop in M&S's share price. M&S suspends all online and app orders in the UK and Ireland for clothing and food, although customers can still browse products. This decision leads to a 5% drop in M&S's share price. Monday, April 28: M&S is still unable to process online orders. Around 200 agency workers at the main distribution centre are told to stay home. M&S is still unable to process online orders. Around 200 agency workers at the main distribution centre are told to stay home. Tuesday, April 29: Information suggests that the hacker group Scattered Spider is likely behind the attack. Shoppers spot empty shelves in selected stores. Information suggests that the hacker group Scattered Spider is likely behind the attack. Shoppers spot empty shelves in selected stores. Tuesday, May 13: M&S revealed that some customer information has been stolen. M&S revealed that some customer information has been stolen. Wednesday, May 21: The retailer said disruption from the attack is expected to continue through to July. The retailer said disruption from the attack is expected to continue through to July. It's thought the worker was among the victims hacked. The company had previously said it is investigating if it was a gateway for the cyber attack. It has since informed the BBC the email was not sent from its system and had nothing to do with the security breach. M&S has declined to comment on the latest revelations. A spokesperson for the company told The Sun Online: 'We cannot comment on details of or speculation on the cyber incident, and we have been advised not to.'
The National
an hour ago
- The National
Sheku Bayoh family member receives £1m in compensation
Almost ten years after Bayoh's death, his family resolved the civil action in March after it was first raised in May 2018, reaching an out-of-court settlement concerning his death. The family's lawyer, Aamer Anwar, reportedly said a settlement was agreed without any admission of liability by Police Scotland. A father-of-two, Bayoh died after he was restrained by around six police officers who were called to reports of a man carrying a knife on Hayfield Road in Kirkcaldy on May 3, 2015. READ MORE: Scottish Labour minister leaves Government for health reasons Officers were accused of using excessive force after they restrained him by his legs and arms, using CS spray or tear gas and batons. Bayoh lost consciousness after being restrained and was pronounced dead in hospital. His family launched a civil action against Police Scotland three years later and an ongoing public inquiry was launched to examine the circumstances leading to his death and whether or not race was a factor. It was announced on Friday that up to ten members of the family have received compensation from Police Scotland, including a single award of more than £1m. The figure appears in a report for the Scottish Police Authority's (SPA) legal committee under the heading public liability claims. The SPA report said, 'quarter four saw the settlement of a very large litigation that involved several pursuers'. (Image: Jane Barlow/PA Wire) The total amount paid out to all relatives of Bayoh was not revealed. However, in 2018, Anwar said the action for damages in the Court of Session was £1.85m. Anwar confirmed the settlement was agreed without any admission of liability by Police Scotland, despite previously describing Bayoh's case as a 'national disgrace'. 'On May 3, it will be the tenth anniversary of Sheku's death in police custody, however, the struggle for the truth continues,' he previously said. 'As we reach the final stages of the Public Inquiry, those who broke the law should remember there is no time limit on justice. There will be no further comment today.' The Scottish Police Federation, the body that represents rank and file officers, said it was 'surprised' by the chief constable's decision to settle the claim against the force. A spokesperson said: 'The only person who can be said indisputably to have broken the law is Sheku Bayoh. 'On any view of the evidence, he took illegal drugs, engaged in a fight with a friend, armed himself with a large knife and then took to the streets of Kirkcaldy, where he terrified many members of the public who asked the police to help before assaulting a female police officer by punching her to the ground. 'These are facts which are wholly unchallenged. 'As the inquiry continues, it would be inappropriate to say any more at this stage, other than to remind the public that the clear position of the officers involved in the apprehension of Mr Bayoh is that they acted reasonably, in the public interest in the circumstances, given the danger that he presented.'
NBC News
an hour ago
- NBC News
Hidden invasion: Rwanda's covert war in the Congo
Open secret From the start, Rwanda has gone to extraordinary lengths to conceal its intervention in the Kivu provinces in eastern Congo, which went from a couple of hundred soldiers in 2021 to an estimated 5,000 today. But there have been lapses in Rwanda's secrecy. In May 2022, Congolese forces announced they had captured two Rwandan soldiers who had entered the country. Rwanda denied this, claiming the soldiers were kidnapped across the border. NBC News obtained a Rwandan military report that admitted that these soldiers were captured while taking part in an M23 attack on barracks at Rumangabo military base. The internal report says members of the Rwanda Defence Force crossing the border were supposed to leave cellphones behind and strip identifying insignia from their uniforms. It recommends punishment for the soldiers' commander for failing to ensure the captured soldiers did so. In a bid to remove witnesses, Rwandan soldiers forced Congolese villagers to evacuate areas they occupied, according to a contractor hired to provide intelligence for the Congolese military. Operations like this drove hundreds of thousands from their homes. 'This is not business as usual in the DRC,' Antoine Sagot-Priez, DRC country director for the aid agency Concern Worldwide, said in March, commenting on the mass displacement. 'We need people to know what is happening here.' These villagers ended up living in 17 camps around the city of Goma, the capital of Congo's North Kivu province, that would eventually swell to hold 400,000 to 500,000 people. Reports drawn up by the same contractor state that Rwandan forces were moving their mortars in and out of Congo — sometimes each day — apparently to avoid detection. Rwandan soldiers also often don outfits usually worn by the M23 rebels. Much of the information used in this report was compiled by Western military experts, who included former French army officers, Romanians, Poles and Bulgarians, hired by Congo's President Felix Tshisekedi in 2022 when he realized his army was disastrously losing ground. They were assigned the task of protecting cities in the east and providing Congo's artillery with key information — thanks to a small fleet of Chinese drones. In March 2023, these new hires helped turn the tables on the Rwandans attacking the town of Sake, west of Goma, by hitting their mortar positions with Sukhoi fighter jets. The entire Rwandan force in Congo withdrew the following day. Military contractors believe this was the moment Rwanda — one of Africa's poorest states and heavily dependent on foreign aid — went on an international military shopping spree, placing orders in Poland and Turkey for sophisticated anti-missile systems, drones and signal-jamming equipment. Then in late 2023, Rwandan forces began returning to Congo. This time the numbers were 10 times higher than before — 3,000 to 5,000 men, according to the same military contractor. The Congolese army put its new drones to devastating use. Satellite imagery shows a sudden, dramatic increase in the number of graves at Kanombe Military Cemetery, Rwanda's main military burial ground in the capital, Kigali. It expanded by some 350 graves between mid-2023 and early 2024, according to a manual count carried out by NBC News. The images also show that from late 2021 to today, the cemetery has added 900 graves, even though the country says it is not engaged in any military conflict in Congo. Rwanda's government spokesperson declined to comment on the fresh graves, saying: 'Speculation about a military cemetery in Kigali has no basis in reality.' The DRC's air superiority did not last long. According to senior Congolese army officers, Rwanda used the opportunity presented by a U.S.-negotiated truce to install Chinese-made Yitian anti-missile systems in Congo. The addition in early 2024 of GPS-jamming equipment turned the war's tide, making it nearly impossible for the DRC's hired contractors to deploy their drone fleet. 'The new equipment changed everything,' said Gen. Sylvain Ekenge, a Congolese army spokesman. 'When we were asked by the Americans for a ceasefire to calm things down, the Rwandans used it as a chance to bring in these systems.'
