M&S and Co-op: What we know weeks after cyber attacks
Weeks on from the cyber attack that hit several major British retailers, many are still unable to return to normal operation and are unwilling to estimate when everything will be repaired.
On Friday, 25 April, M&S halted online orders after it reported being a victim of a cyber attack.
Just under a week later, the Co-op revealed it was also the victim of an attempted hack and that several of its services had been impacted. Luxury retailer Harrods was also affected.
Now, more than two weeks on from the original hack, M&S still cannot process sales online, and Co-op has only just managed to get its shelves stocked.
They are also declining to offer any timeline on when things may return to normal.
Cabinet Office minister Pat McFadden said the wave of attacks on UK businesses should be a 'wake-up' call for the industry.
What have we learned since the attack?
Although M&S and Co-op have not released much information about the attacks, it is becoming clear that it was not a small incident.
It has been estimated that each day their website is offline, M&S loses £3.5 million. Half a billion pounds has also been wiped off its share price.
Co-op also said the data of a significant number of their customers had been stolen, and they had issues with taking card payments.
ITV News learned that in the wake of the attack, loyalty cards, handheld scanners and apps used to report security incidents in M&S stores were all impacted. Numerous products have been taken offline as a result of the hack. / Credit: PA
Reports emerged claiming that a hacking group known as Scattered Spider was behind the attack.
The group is notorious in the online criminal world for targeting large companies and breaching their data.
It is believed the attackers used a piece of ransomware called Dragonforce to cripple the system.
Cyber security expert Graham Cluley told ITV News: 'Attacks involving the DragonForce ransomware usually start with exploitation of known vulnerabilities – often involving corporate systems that have not been kept up-to-date with the latest security patches, or because they have not been configured properly.'
Tech specialist website BleepingComputer reported that hackers tricked Co-op and Marks & Spencer IT help desk workers into gaining access to the companies' systems.
It is believed they used a method known as sim-swapping to steal a person's phone number and other key pieces of data in order to effectively impersonate someone and give businesses access to their account.
Scattered Spider has used this tactic in the past.
It is believed that once they had enough access, they used M&S's Active Directory, a Microsoft product that connects internal networks and stores information.
Cyber security expert, Professor Alan Woodward, told ITV News: 'Active Directory is a Microsoft product, which allows you to log in once and access all the systems.
'There's a suggestion that they managed to get in and get one of the files out of there, which contains passwords, etc. Empty shelves inside a Marks & Spencer days after the attack. / Credit: PA
'They probably wouldn't have been able to get the passwords out of the file, but if they could get in that far, then they could probably do something to mess up the network.'
Industry expert Sam Kirkman from cybersecurity firm NetSPI said the hackers had likely gained access to M&S's core systems which means they can 'cripple multiple areas of a business at once, maximising their impact and making it very difficult to recover without extensive rebuilding of key IT systems – which takes time.'
It is believed that one of the reasons both M&S and Co-op are taking so long to get their services back to normal is that they have not paid the ransom demanded by the hackers, which is the advice of the UK government.
What are the businesses saying?
Not much. When ITV News contacted M&S, it said it had no new update about when all of its services would return to normal.
The last update from M&S was 10 days ago when their CEO, Stuart Machin, said in a statement they were working 'day and night' to restore their services.
This is despite the fact that it has been almost three weeks since they disabled online orders on their website.
If you try and order an item of clothing from M&S's website, it just says: 'We have paused online orders. Products remain available to browse online and stores are open.'
Co-op told ITV News all of their stores were receiving deliveries as of Monday morning.
But they did say: 'Some of our stores might not have all their usual products available and we are sorry if this is the case for our members' and customers in their local store. We are working around the clock to reduce disruption and are pleased to have resumed delivery of stock to our shelves.'
Local media and social posts online have shown both Co-op and M&S shelves empty with apology notices saying they had issues with stock delivery.
Get all the latest news from around the country Follow STV News
Scan the QR code on your mobile device for all the latest news from around the country
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Reuters
18 minutes ago
- Reuters
TSX futures rise ahead of key US, Canada jobs data
June 6 (Reuters) - Futures tied to Canada's main stock index rose on Friday as investors awaited domestic employment figures and monthly payrolls data from the U.S., while signs of easing tensions between Washington and China fueled trade optimism. The S&P/TSX index futures were up 0.2% at 6:52 am ET (1052 GMT). The monthly U.S. non-farm payrolls report, scheduled at 8:30 am ET, will help investors assess the impact of President Donald Trump's trade policies on the labor market. Canada's monthly unemployment data is also due at 8:30 am ET. This week, Trump doubled tariffs on imports on steel and aluminum; Canada is the largest seller of the metals to the U.S. Canada's Industry Minister Melanie Joly said on Thursday that Prime Minister Mark Carney and Trump are in direct communication as part of Ottawa's bid to persuade Washington to lift tariffs. Meanwhile, a highly-anticipated phone call between Trump and Chinese President Xi Jinping on Thursday, which Trump said led to "a very positive conclusion," offered hope the trade war between the world's two largest economies might start to de-escalate. Additionally, China called on Friday for steps to improve bilateral ties with Canada, saying there were no deepseated conflicts of interest, following a spike in trade tensions with many of Beijing's Western trade partners this year. In commodities, oil prices slipped but were on track for their firstly weekly gain. Gold prices firmed while copper ticked up; both were set for weekly rises. Canada's main stock index edged higher on Thursday as higher oil prices boosted energy shares and investors assessed prospects of Canada reaching a trade deal with the U.S. FOR CANADIAN MARKETS NEWS, CLICK ON CODES: TSX market report Canadian dollar and bonds report CA/ Reuters global stocks poll for Canada , Canadian markets directory
Reuters
22 minutes ago
- Reuters
Sterling set to end week higher with spending plans in focus
June 6 (Reuters) - Sterling was on track to finish the week higher on Friday, supported by a UK economy largely resilient in the face of global turbulence, although investors will be monitoring the government's spending plans. The pound has gained about 0.6% this week, strengthened by data that showed UK services sector activity expanded more than expected. The currency was also boosted by relief Britain was spared from further U.S. tariffs on steel and aluminium following its deal with Washington last month. The pound slipped 0.2% to $1.3544 on Friday after touching its highest level since February 2022 the previous day. Against the euro , it was steady at 84.38 pence. Traders are still concerned, however, about the sustainability of growing debt loads in developed markets. A gilt auction this week indicated healthy demand for UK debt, but finance minister Rachel Reeves' spending plans on Wednesday could be the next test. The plans will set government departments' budgets up to 2029, with the focus on public investment in infrastructure and taxation plans, when analysts say sources of funding are diminishing and the benchmark gilt yield is among the highest in developed markets. "Wednesday's spending review will epitomise just how tight things look for UK government departments," said James Smith, an economist at ING. "And life is only going to get harder for the Treasury in the autumn. We think the government's 'headroom' will fully evaporate and that tax rises look increasingly inevitable later this year." Many of sterling's gains this year have resulted from a broadly weak U.S. dollar as investors price in the risk that President Donald Trump's erratic policymaking could result in a U.S. recession that could spill over to the rest of the world. Against this backdrop, Bank of England policymakers have urged a gradual and cautious approach to monetary policy decision-making. Interest rate futures point to the central bank leaving interest rates unchanged at its upcoming policy meeting, according to data compiled by LSEG. On the data front, British house prices fell by more than expected in May following an increase in property transaction taxes the prior month, Halifax said. The mortgage lender also said that the housing market looked "broadly stable". The market will also focus on a U.S. jobs report later in the day.
Scottish Sun
36 minutes ago
- Scottish Sun
Huge change to crypto investing rules revealed by city watchdog as it issues warning
We've outlined the risks associated with investing in cryptocurrency below CASH IN Huge change to crypto investing rules revealed by city watchdog as it issues warning Click to share on X/Twitter (Opens in new window) Click to share on Facebook (Opens in new window) A HUGE change to crypto investing rules could come into force as the city watchdog issues a warning. The Financial Conduct Authority (FCA) is set to lift a ban on some investments for individual, or retail, investors. Sign up for Scottish Sun newsletter Sign up 1 The FCA is mooting lifting a ban for individual investors Credit: Alamy The watchdog has launched a consultation looking at allowing them to access crypto exchange-traded notes (cETNs). Crypto ETNs can be bought and sold and work by tracking the performance of cryptoassets like Bitcoin and Ethereum. It means people are exposed to its changing value without needing to hold the asset themselves. Currently, just professional investors are allowed to buy and sell the investment product after the FCA granted them access last year. Read more on Cryptocurrency WALLET WATCH HMRC to introduce rules for Crypto holders as fresh tax crackdown launched At the time, the regulator said it still believed crypto ETNs to be 'ill-suited for retail consumers due to the harm they pose'. David Geale, the FCA's executive director of payments and digital assets, said the proposals today reflected how the FCA was committed "to supporting the growth and competitiveness of the UK's crypto industry". However, he added: "We want to rebalance our approach to risk and lifting the ban would allow people to make the choice on whether such a high-risk investment is right for them given they could lose all their money.' Access to crypto derivatives would still be banned for retail investors – but the FCA said it would continue to consider its approach to high-risk investments. In April, Chancellor Rachel Reeves said she wanted the UK to be a 'world leader in digital assets' and announced plans to make crypto firms subject to regulation in the same way as traditional finance companies. 'While the UK will always be committed to high international standards, I am determined that our regulatory framework supports economic growth,' she said at the time. Four bombshell clues in hunt for elusive Bitcoin founder Satoshi Nakomoto revealed in doc - & signs he could be BRITISH But the FCA's chairman Nikhil Rathi recently warned that the number of young people turning to crypto as their first taste of investment was 'not great', adding that it was 'very high risk and you could potentially lose all your money'. The price of Bitcoin hit a fresh all-time high last month, topping about 111,000 dollars (£82,000) as the crypto market rallies amid support from Donald Trump's administration in the US. What is cryptocurrency? Cryptocurrencies differ from physical currencies, such as the pound. They are created using blockchain technology and part of their appeal is that they are not controlled by governments or a central bank, such as the Bank of England. It means the currency can be used to transfer wealth outside of the traditional banking system, making it easier to cross borders or stay anonymous when moving wealth. Bitcoin is the leading cryptocurrency but its rise has helped other cryptocurrencies also grow in value, such as Ethereum. In recent years, more mainstream companies and institutions have invested in cryptocurrency, and part of the recent rise in value is based on President Trump's favourable views on cryptocurrency. How do people invest in crypto? In the UK, you cannot invest in cryptocurrency funds through stocks and shares ISAs, general investment accounts, or pensions due to regulations. If you want to invest in Bitcoin or other cryptocurrencies, you'll need to use specialist trading platforms like Coin Bureau or PlanB. These platforms allow you to own crypto as a financial asset, though some accounts may not let you spend it. Crypto businesses in the UK must register with the Financial Conduct Authority (FCA). To check if a business is registered, visit the Financial Services Register at There's also a list of unregistered businesses at Businesses on this list may be operating illegally. If you don't want to invest in cryptocurrencies directly, you can still gain exposure to the market by investing in companies involved in the crypto space. The dangers of investing in crypto HERE are five key risks to keep in mind when investing in cryptocurrencies: Consumer protection: Many cryptocurrency investments promising high returns are not fully regulated, apart from anti-money laundering rules. This means you may have limited protection if things go wrong. Price volatility: Cryptocurrency prices can rise and fall dramatically, making it easy to lose money. It's also difficult to reliably determine their value. Product complexity: Crypto products and services can be complicated, which makes it hard to understand the risks. Plus, there's no guarantee you can convert your cryptocurrency back to cash—it depends on market demand and supply. Charges and fees: Crypto investments often come with high fees, which can eat into your returns. These fees are often higher than those for regulated investments. Marketing hype: Some firms exaggerate potential returns or downplay the risks involved. Be cautious of flashy promotions. It's essential to only invest in cryptocurrency if you fully understand how it works and the risks involved. Remember, there's no guarantee you can exchange it for real cash, and its value can change drastically in a short time. If something sounds too good to be true, it probably is. Always double-check with a trusted friend or advisor if you're unsure. Be wary of glowing websites or perfect reviews - fraudsters often create convincing scams. For tips on avoiding scams, check out our guide. Do you have a money problem that needs sorting? Get in touch by emailing money-sm@ Plus, you can join our Sun Money Chats and Tips Facebook group to share your tips and stories
