Major M&S boss reveals criminal gang behind crippling cyber attack
Chairman Archie Norman told UK lawmakers the attack crippled M&S's automated warehouse in Castle Donington, which is set to be back online imminently.
1
The breach disrupted operations in April and May, forcing the retailer to scramble to restore its systems.
The hack saw click and collect services across UK stores go down, as well as customer information stolen.
The group originally suspected to be behind the cyber attack was "Scattered Spider" - a notorious cyber criminal-collective.
However, it's now confirmed that the attack was carried out by DragonForce.
DragonForce creates ransomware that locks up a victim's files and rents it out to other criminals.
A group of young, English-speaking hackers is thought to be using DragonForce's tools to attack companies.
These hackers steal data and demand a ransom to unlock the files and prevent the stolen information from being leaked.
The attack on M&S began on Saturday, April 19, with customers unable to collect purchases or return items.
On April 21, M&S acknowledged the attack, apologised for the inconvenience, and engaged cyber security experts while notifying the National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO).
Despite M&S' efforts to restore systems, disruptions continued throughout the week, forcing the retailer to make operational adjustments, including suspending online and app orders on Friday, April 24.
This decision led to a 5% drop in the company's share price.
Shoppers reported empty shelves in some stores with staple items including bananas, fish, and the iconic Colin the Caterpillar cakes hard find in some shops.
On May 13, M&S confirmed that some customer information had been stolen in the attack.
On Wednesday, May 21, M&S said that disruption from the attack is expected to continue through July.
Timeline of cyber attack
Saturday, April 19: Initial reports emerge on social media of problems with contactless payments and click-and-collect services at M&S stores across the UK. Customers experience difficulties collecting online purchases and returning items due to system issues.
Monday, April 21: Problems with contactless payments and click-and-collect persist. M&S officially acknowledges the "cyber incident" in a statement to the London Stock Exchange. CEO Stuart Machin apologises for the disruption and confirms "minor, temporary changes" to store operations. M&S notifies the National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO) and engages external cybersecurity experts.
Tuesday, April 22: Disruptions continue. M&S takes further systems offline as part of "proactive management".
Wednesday, April 23: Despite earlier claims of customer-facing systems returning to normal, M&S continues to adjust operations to maintain security. Contactless payments are initially restored, but other services, including click-and-collect, remain affected.
Thursday, April 24: Contactless payments and click-and-collect services are still unavailable. Reports surface suggesting the attackers possibly gained access to data in February.
Friday, April 25: M&S suspends all online and app orders in the UK and Ireland for clothing and food, although customers can still browse products. This decision leads to a 5% drop in M&S's share price.
Monday, April 28: M&S is still unable to process online orders. Around 200 agency workers at the main distribution centre are told to stay home.
Tuesday, April 29: Information suggests that the hacker group Scattered Spider is likely behind the attack. Shoppers spot empty shelves in selected stores.
Tuesday, May 13: M&S revealed that some customer information has been stolen.
Wednesday, May 21: The retailer said disruption from the attack is expected to continue through to July.
Click and collect, next day delivery and UK nominated day delivery for fashion items are still unavailable with services set to be restored "as soon as possible".
However, the retailer reintroduced a selection of third-party brands to its website last week, including Adidas, Columbia, and Lilybod.
M&S is now strengthening its cybersecurity measures to prevent future attacks as it works to fully recover from the disruption.
What is a cyber attack?
A CYBER attack is any deliberate attempt to disrupt, damage, or gain unauthorised access to computer systems, networks, or digital devices.
These attacks can target individuals, businesses, or even governments, and their motives can range from financial gain to political disruption.
Cyber attacks can take many forms, employing various techniques to achieve their malicious goals.
Common types of cyber attacks include:
Malware: Malicious software designed to damage or gain control of a system. Examples include viruses, worms, ransomware, and spyware.
Phishing: Deceptive attempts to trick individuals into revealing sensitive information such as usernames, passwords, or credit card details, often through fake emails or websites.
Denial-of-Service (DoS) Attacks: Flooding a network or server with traffic to overwhelm its resources and make it unavailable to legitimate users.
SQL Injection: Exploiting vulnerabilities in website databases to gain unauthorised access to data.
Ransomware: Malware that encrypts a victim's data and demands a ransom for its release.
Social Engineering: Manipulating individuals into performing actions or divulging confidential information.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
The Independent
22 minutes ago
- The Independent
Officers were ‘covered in blood' after Pc shot with a crossbow
A police officer who was shot by a man with a crossbow said he lost so much blood that his colleagues were 'covered' in it. On Wednesday, a sentencing hearing at Aylesbury Crown Court heard police had been called after Jason King stabbed neighbour Alistair Mahwuto with a 'small knife' during an altercation, arising out of a 'long-standing' dispute. Police attended the scene in School Close in High Wycombe, Buckinghamshire, where King shot repeatedly at them using a crossbow before chasing them with the weapon and shooting officer Pc Curtis Foster, the court was told. The 55-year-old was later shot once by police in the stomach after refusing to put down the weapon when confronted by officers on May 10 last year, the court heard. Footage released by Thames Valley Police shows King, wearing shorts and a T-shirt, running across a road, pursuing the officers while pointing a crossbow. Pc Foster said of the incident: 'My recollection of the early moments when I arrived on scene was the street was empty, it was eerily quiet, no sign of the suspect and we then saw the victim who showed us a stab wound in the abdomen. 'I ascertained King had a crossbow when he removed the upstairs window to his property. He literally took the whole window out of its frame and then he was pointing something out of the window and I could see a red glint and then I realised it was a crossbow and that's when he took two shots at me out the window.' The officer added that he knew something had 'impacted' him but his adrenaline levels were 'so high' that he could not feel much pain. As a result, Pc Foster carried on running and helped clear members of the public away from the scene, despite his injury. Bodyworn camera footage shows the officer saying he thinks he has been shot and telling people to 'get back' into their houses as there is a man armed with a crossbow. Pc Foster said: 'I kind of first realised I was bleeding quite a lot when I could feel it running down my leg, and then I touched my leg above my trousers and my whole palm of my hand was red where it had gone through my trousers already so I thought yeah, I'm losing quite a lot of blood already.' He continued: 'There was a lot of blood. 'My two colleagues that turn up initially on scene were covered in my blood, that's how much blood I'd lost and when we got to the hospital the doctor had a feel of it and said I was really lucky it didn't strike an artery, it was a couple of centimetres away from hitting an artery in my leg.' Another clip shows King being confronted by an armed officer who shouts at him to 'stay still' before the officer fires one shot. The officer then runs over to King while other voices can be heard calling for paramedics. The armed officer, who cannot be named, said shooting King was 'the worst thing I've ever had to do' but that it 'neutralised a threat and kept everyone safe'. Further footage shows a police dog handler shouting to colleagues that King had attempted to shoot police dog Merlyn. Pc Foster has since made a full recovery from his injuries, police have said, while King was taken to hospital and discharged 10 days later. Judge Jonathan Cooper jailed King for nine years with a further three years on extended licence. He previously pleaded guilty to unlawful wounding, having an article with a blade or point, having an offensive weapon, wounding with intent and affray.
Daily Mail
22 minutes ago
- Daily Mail
Met Police's use of live facial recognition is 'unlawful', equality watchdog warns
The use of live facial recognition by Britain's biggest police force is 'unlawful' and not compatible with human rights laws, the equalities watchdog has said. The Equality and Human Rights Commission (EHRC) has claimed Scotland Yard's rules and safeguards fall short of standards and could have a 'chilling effect' on individuals' rights when deployed at protests. Live facial recognition (LFR) is set to be deployed by the force at Notting Hill Carnival over the August bank holiday weekend. More than one million people are expected to converge on the streets of west London for the annual celebration. And Metropolitan Police commissioner Sir Mark Rowley has already sought to reassure campaign groups that the technology will be used without bias. And a spokesman from the force said it believes its use of the tool is 'both lawful and proportionate, playing a key role in keeping Londoners safe.' The EHRC has been given permission to intervene in an upcoming judicial review over LFR, brought by privacy campaigner Big Brother Watch director Silkie Carlo and anti-knife crime community worker Shaun Thompson. They are seeking the legal challenge claiming Mr Thompson was 'grossly mistreated' after LFR wrongly identified him as a criminal last year. EHRC chief executive John Kirkpatrick said the technology, when used responsibly, can help combat serious crime and keep people safe, but the biometric data being processed is 'deeply personal'. 'The law is clear: everyone has the right to privacy, to freedom of expression and to freedom of assembly. These rights are vital for any democratic society,' he said. 'As such, there must be clear rules which guarantee that live facial recognition technology is used only where necessary, proportionate and constrained by appropriate safeguards. 'We believe that the Metropolitan Police's current policy falls short of this standard. The Met, and other forces using this technology, need to ensure they deploy it in ways which are consistent with the law and with human rights.' The watchdog said it believes the Met's policy is 'unlawful' because it is 'incompatible' with Articles 8, right to privacy, 10, freedom of expression, and 11, freedom of assembly and association of the European Convention on Human Rights. Big Brother Watch interim director Rebecca Vincent said the involvement of EHRC in the judicial review was hugely welcome in the 'landmark legal challenge'. 'The rapid proliferation of invasive live facial recognition technology without any legislation governing its use is one of the most pressing human rights concerns in the UK today,' she said. 'Live facial recognition surveillance turns our faces into barcodes and makes us a nation of suspects who, as we've seen in Shaun's case, can be falsely accused, grossly mistreated and forced to prove our innocence to authorities.' 'Given this crucial ongoing legal action, the Home Office and police's investment in this dangerous and discriminatory technology is wholly inappropriate and must stop.' It comes as Home Secretary Yvette Cooper defended plans to expand LFR across the country to catch 'high-harm' offenders last week. Last month, the Metropolitan Police announced plans to expand its use of the technology across the capital. Police bosses said LFR will now be used up to ten times per week across five days, up from the current four times per week across two days. A Met spokesman said the force welcomes the EHRC's recognition of the technology's potential in policing, and that the Court of Appeal has confirmed police can use LFR under common law powers. 'As part of this model, we have strong safeguards in place, with biometric data automatically deleted unless there is a match," they said. 'Independent research from the National Physical Laboratory has also helped us configure the technology in a way that avoids discrimination.'
The Sun
23 minutes ago
- The Sun
Tottenham ‘consider astonishing new Eze transfer bid that would see Richarlison move on and Newcastle MISS OUT on Wissa'
TOTTENHAM are reportedly considering a stunning 11th hour change to their transfer offer for Eberechi Eze, which would allow them to also sign Yoane Wissa. SunSport understand Spurs and Crystal Palace made a breakthrough in talks on Tuesday by agreeing a payment structure for a £60million deal. 2 2 However, reports suggest the North London club have made a late alteration by offering to send Richarlison - who scored twice in the 3-0 win over Burnley at the weekend - in a part-exchange. THIS IS A DEVELOPING STORY..
