M&S resumes online orders six weeks after cyber attack
Marks & Spencer has resumed online orders for customers, six weeks after it was forced to halt sales following a cyber attack.
Currently, shoppers will only be able to purchase the company's "best-selling fashion ranges" as part of a staggered return to full online operations.
On the company's Instagram page, the retailer's managing director of clothing, home and beauty, John Lyttle, wrote: "We are bringing back online shopping this week
"A selection of our best-selling fashion ranges will be available for home delivery to England, Scotland and Wales.
"More of our fashion, home and beauty products will be added every day and we will resume deliveries to Northern Ireland and Click and Collect in the coming weeks.
"Thank you sincerely for your support and for shopping with us."
The retailer made the decision to pause online orders over the Easter Weekend after being targeted by hackers.
Customer personal data, which could have included names, email addresses, postal addresses and dates of birth, was also taken in the attack.
In a statement at the time, the retailer said: "Unfortunately the nature of the incident means some personal customer data has been taken.
"Importantly, there is no evidence that this data has been shared and it does not include useable card or payment details, or account passwords, so there is no need for customers to take any action."
Customers were prompted to reset their password though the store assured customers this was only for "extra peace of mind."
The retail group says 'human error' caused the attack, which is set to cost the firm around £300 million.
It is understood that the retailer was targeted by a ransomware called DragonForce, and an employee most likely replied to a phishing email.
The National Cyber Security Centre describes ransomware as a type of malicious software that prevents users from accessing their data and systems by encrypting their files.
The group deploying the software will then demand a payment or "ransom" in exchange for granting access and unencrypting the data.
Attackers can also threaten to leak the data if the ransom is not paid.
According to reports, a hacking group known as Scattered Spider is said to be behind the M&S attack, although this has not been confirmed.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
The Independent
4 hours ago
- The Independent
DragonForce and Scattered Spider: Inside the hacker groups linked to M&S cyberattack
Marks & Spencer has finally reopened its online orders, months after a cyber attack which is set to cost the British high street retailer £300 million in profits this year. This comes as a new hacking group has been connected with the incident, after it was revealed the DragonForce group sent M&S CEO Stuart Machin an email days after it faced a major cyberattack gloating about the hack and demanding ransom payment. The email, seen and reported by the BBC, said: 'We have marched the ways from China all the way to the UK and have mercilessly raped your company and encrypted all the servers.' DragonForce aren't the only group that have been connected with the attack on the retailer, as the Scattered Spider network had previously been named as the enactors of the social engineering attack. According to Sergey Shyekevich, a researcher from cybersecurity company Checkpoint, more hacker groups are forming alliances on the dark web. 'Co-operation between two powerful groups is very interesting,' he says. 'It's one outcome we see on the dark web more and more, alliances between big groups.' Here's all we know about the two hacker groups What is DragonForce? DragonForce is a hacker organisation that offers Ransomware to cyber-criminal affiliates for a 20 per cent cut of any ransoms collected. This means that for a fee, they lease out their malware through dark web marketplaces to cyber-criminals. While the organisation originally started working in 2023, they've had a massive re-marketing of their business model in the past couple of months. 'In the last two months, they started to become very active in one of the biggest dark web forums,' says Sergey, who says they have marketed themselves as a 'Ransomware Cartel', cornering that market on the dark web in the past month. 'They started being more aggressive I think a few weeks before all the attacks in the UK,' he adds. Researchers have claimed they operate out of Malaysia, with some disputing this and saying they are located in Russia. As well as the M&S hack, DragonForce has been linked to the Co-op cyberattack. What is Scattered Spider? Scattered Spider is a community of hackers that targets huge organisations across different sectors using social engineering tactics. 'They're very good at social engineering of different types,' Sergey says, adding that in the past they have used SIM swapping and impersonated IT staff to trick people into letting them use their systems. Believed to be a community of young adults across the US and UK, the group gained notoriety for their involvement in hacking and extorting two of the largest casino and gambling companies in the United States. 'They understand human nature and how big corporations work,' says Sergey. 'They're very successful.' In 2023 they were linked to the hacking and extortion of Caesars Entertainment and MGM Resorts International, which led the former to pay a ransom of approximately £11 million ($15 million). They were able to access a significant number of driver's licence numbers and possibly even Social Security numbers of the casino customers through the ransomware demand. A 17-year-old hacker from the United Kingdom was arrested in connection with the hack and attempted ransom in July 2024. How did the cyberattack happen? M&S first disclosed they had experienced a cyberattack on 22 April, which had disrupted their online operations and even halted contactless payments. Hundreds of agency workers at the company were told not to come into work as the retailer dealt with the fallout of the cyberattack. Customer personal data – which could have included names, email addresses, postal addresses and dates of birth – was also taken by hackers in the attack. M&S revealed last month that the attack was caused by 'human error', as Mr Machin said in an annual figures report in May that the hackers gained access to the company's IT systems through a third party. He said at the time: 'We didn't leave the door open, this wasn't anything to do with under-investment. Everyone is vulnerable. For us, we were unlucky on this particular day through some human error.' Responding to attacks on the retail sector, the NCSC put out advice to the industry and responded to speculation that the Scattered Spider group had used social engineering to target IT help desks and perform password and MFA (multi-factor authentication) resets. 'Criminal activity online – including, but not limited to, ransomware and data extortion – is rampant,' their blog post wrote. 'Attacks like this are becoming more and more common. And all organisations, of all sizes, need to be prepared.' Deputy Director Paul Foster, head of the NCA's National Cyber Crime Unit, said: 'Specialist NCA cybercrime officers are working closely with law enforcement partners to investigate the recent cyber incidents affecting the retail sector. Identifying the criminals responsible and bringing them to justice is a top priority. 'We are considering the incidents individually, but have a range of hypotheses and are mindful they may be linked. 'The impact of these incidents has been significant and businesses will understandably be concerned. I'd encourage all organisations to follow advice on the NCSC's website to ensure they have effective cyber security measures in place to help prevent attacks. 'I'd also urge those that do unfortunately fall victim to an attack to engage with law enforcement as part of the reporting process. The NCA and policing will investigate covertly and discreetly, as well as support the recovery of systems and data.' How much money has M&S lost? The fallout from the cyberattack saw the company lose £650 million of value in a matter of days. M&S said it expected to take an estimated £300 million hit to profits this year, as they predicted disruption to its online business to last into July. What has M&S said in response? As M&S reopened its online operations, they put out a statement which said: 'You can now place online orders with standard delivery to England, Scotland and Wales. Delivery to Northern Ireland will resume in the coming weeks. 'We will resume click and collect, next-day delivery, nominated-day delivery and international ordering in the coming weeks.'
Scottish Sun
5 hours ago
- Scottish Sun
I was 15 when my nude pics were leaked – grown men sent them around at the football club & everyone blamed ME
NOT KIDDING I was 15 when my nude pics were leaked – grown men sent them around at the football club & everyone blamed ME Click to share on X/Twitter (Opens in new window) Click to share on Facebook (Opens in new window) LIKE many young girls, Jess Davies wanted to impress her school crush and decided to send him an explicit photo of herself. Little did the 15-year-old know that he would send it around the school and she would become a victim of image abuse. Sign up for Scottish Sun newsletter Sign up 2 Jess Davies revealed her nude photo was leaked at just 15-years-old Credit: Instagram/jessdavies "That image got bluetoothed around my school, and then it got shared around my hometown, which was a small hometown in Wales, everyone knows everyone," she explained on the Should I Delete That podcast. Image-based sexual abuse is a criminal offence, it's when someone takes, shares, or threatens to share sexually explicit images or videos of a person without their knowledge or consent, and with the aim of causing them distress or harm. This can include digitally altered images, also known as 'deepfakes' - something Jess has gone on to lobby the government to include in the Online Harms Safety Bill. Now 32, Jess has opened up about the trauma it caused and more shockingly, how she was blamed for the abuse. She revealed that once the photo had circulated in her hometown, it was then shared to grown adult men on the local football team. Instead of seeing Jess as a victim, whose private photo was shared without her consent, people blamed her. "Everyone knew my age because it was a small town, and yet, the whole narrative was around how it was my fault," Jess added. "That I shouldn't have sent it, what kind of girl are you? "There was never any conversation around why are men in their twenties and thirties passing around a child's image?" Jess was left as a teenage girl worrying about how to navigate the situation, and she decided she had to laugh it off. 2 Now, she advocates for sexual abuse victims Credit: Instagram/jessdavies Vicky Pattison shares deepfake porn clip of herself as she warns of dangers on C4 doc She revealed that boys in year 7 would run up and ask for a hug as they had seen the image as well. "I was laughing but secretly, this was humiliating," she said. In the end, her parents also found out about the image, as her nan was told about it from one of the men on the football team, where the image was being circulated. Now, as Jess has gotten older, she realises that the way people treated her for the image was not okay and that she was held more accountable than the grown men sharing the image. It has now led Jess to become an advocate for female rights and sexual abuse. Her BBC documentary 'Deepfake Porn: Could You Be Next' was used to lobby the UK government to criminalise deepfake porn. Jess also has a new book, No One Wants To See Your Dick, a guide for surviving the digital age to help us understand and tackle online misogyny and question society's understanding of consent.
Powys County Times
5 hours ago
- Powys County Times
Bryson DeChambeau 'super excited' at prospect of signing new LIV Golf contract
Bryson DeChambeau is 'super excited' at the prospect of signing a new contract with LIV Golf. The 31-year-old signed a reported deal of more than $100million (£74m) to join the Saudi Arabia's Public Investment Fund (PIF) tour. That expires in 2026 and, despite speculation suggesting DeChambeau is ready to rejoin the PGA Tour, he hinted his future remains with LIV. View this post on Instagram A post shared by LIV Golf (@livgolf_league) Ahead of the US Open at Oakmont, where he is the defending champion, Dechambeau said: 'Next year is when (his contract) ends. 'We're looking to negotiate at the end of this year, and I'm very excited. They see the value in me. I see the value in what they can provide, and I believe we'll come to some sort of resolution on that. Super excited for the future. 'I think that LIV is not going anywhere. (Yasir Al Rumayyan, governor of PIF) has been steadfast in his belief on team golf, and whether everybody believes in it or not, I think it's a viable option. 'I think it's a viable commercial option. Our team has been EBIDTA (Earnings Before Interest, Taxes, Depreciation, and Amortisation) positive for the past two years, so we're starting to grow and move in the right direction. One of the best moments of my life — Bryson DeChambeau (@brysondech) June 16, 2024 'I know my worth. I know what LIV brings to the table. And I'm excited for the future of what golf is going to be.' DeChambeau is bidding to win his third US Open following victories at Winged Foot in 2020 and Pinehurst last year, where he edged out Rory McIlroy in a thrilling finish. He has become a fixture on major championship leaderboards since his move to LIV Golf, his US Open win last year one of five top-six finishes in his last six starts. 'I think for any golfer out here trying to win the US Open, there's just as much pressure. 'You can put as much pressure on yourself as you want. I try to look at it as there's a lot of fans out there. 'I'm excited to showcase my skill sets and try to play the best golf as I possibly can, and if that adds up to the lowest number out here, great. If not, I've got to work harder. 'That's the pressure I put on myself – performing for the fans. 'It's been an amazing year. I'm so grateful to have won the US Open. I worked hard to win at Pinehurst and have been playing some good golf after that.'
