Latest news with #StephenBonner
Business Mayor
13-05-2025
- Business
- Business Mayor
M&S says some personal data was taken in cyber-attack
Marks & Spencer has said for the first time that some personal customer information was taken in the cyber-attack that has crippled its online operation for more than three weeks. Since the retailer's IT systems were hit by a ransomware attack, it has not been taking online orders, and the availability of some products in its stores has been affected after it took some of its systems offline in response. The company said the data accessed did not include usable payment or card details, nor any account passwords. The Guardian understands the details taken are names, addresses and order histories. M&S said it had told customers there was no need to take any action, although 'for extra peace of mind' they would be prompted to reset their password the next time they log into their M&S account. It did not say how many customers had been affected. 'Today, we are writing to customers informing them that due to the sophisticated nature of the incident, some of their personal customer data has been taken,' the company said. 'Importantly, the data does not include usable payment or card details, which we do not hold on our systems, and it does not include any account passwords. There is no evidence that this data has been shared.' The group has not been able to take any orders through its website or app since 25 April as it tries to resolve the problems caused by the attack, which has been linked to the hacking group Scattered Spider. The retailer said it had taken steps to protect its systems and engaged leading cybersecurity experts. It has reported the incident to relevant government authorities and law enforcement. skip past newsletter promotion Sign up to Business Today Get set for the working day – we'll point you to all the business news and analysis you need every morning Privacy Notice: Newsletters may contain info about charities, online ads, and content funded by outside parties. For more information see our Privacy Policy. We use Google reCaptcha to protect our website and the Google Privacy Policy and Terms of Service apply. after newsletter promotion The Information Commissioner's Office confirmed on 2 May that it had received reports from M&S and the Co-op Group, which has also suffered a cyber-attack. The ICO said it was working closely with the National Cyber Security Centre. Stephen Bonner, the ICO deputy commissioner, said at the time: 'We recognise that seeing cyber-attacks in the news can be concerning, especially if you are a customer.' He said the ICO website had advice for people who are worried about their personal information.
Daily Record
07-05-2025
- Business
- Daily Record
Millions of shoppers warned as UK supermarket stops taking card payments
Thesupermarket is currently unable to accept card payments in some stores, with millions of shoppers being urged to bring cash instead. A major supermarket has ceased accepting card payments in some of its stores, issuing a warning to millions of shoppers. Co-op customers are being advised to bring cash as certain stores are not currently accepting card payments due to a cyber attack breach. The Co-op, which competes with Asda, Tesco, Morrisons, Sainsbury's and others, stated that it is working to restore digital payments as quickly as possible. Some locations are presently only accepting cash as they manage the fallout from the cyber attack. One user commented: "Cash only at the Co-Op today. That's three in Manchester I've seen with similar signs. One directly opposite the HQ." Stephen Bonner, deputy commissioner of the Information Commissioner's Office, told the Today Programme on Tuesday that the chaos was "a wake-up call to every organisation". The Co-op had to shut down parts of its IT system on Wednesday after detecting an attempted hack, just days after Marks and Spencer experienced a serious cyber incident, reports Birmingham Live. Shirine Khoury-Haq, the group's chief executive, advised members to "take the usual steps to keep their passwords safe". She wrote: "While we have been able to protect our Co-op from significant trading disruption, which is often the intent of these sorts of attacks, I am very sorry that this member information was accessed". "While there is no impact to your account, and you can continue to trade with us as normal, I appreciate that members will be concerned." A spokesperson for the Co-op has issued a statement regarding the cyber-attacks the company is facing: It read: "We are continuing to experience sustained malicious attempts by hackers to access our systems. This is a highly complex situation, which we continue to investigate in conjunction with the NCSC and the NCA. "We have implemented measures to ensure that we prevent unauthorised access to our systems whilst minimising disruption for our members, customers, colleagues and partners. "We now know that the hackers were able to access and extract data from one of our systems. The accessed data included information relating to a significant number of our current and past members. "This data includes Co-op Group members' personal data such as names and contact details, and did not include members' passwords, bank or credit card details, transactions or information relating to any members' or customers' products or services with the Co-op Group. "We appreciate that our members have placed their trust in our Co-op when providing information to us. "Protecting the security of our members' and customers' data is a priority, and we are very sorry that this situation has arisen." There are 500 Co-op food shops in Scotland, with more than 3,000 in the rest of the UK.
Yahoo
06-05-2025
- Business
- Yahoo
Co-op shops stop taking card payments amid cyber attack
The Co-op has stopped taking card payments in some of its shops as it battles the fallout from a devastating cyber attack. The retailer confirmed on Tuesday that some parts of its business have been limited to accepting cash only in response to the breach, which has wreaked havoc across the Co-op's systems and left it facing empty shelves. Pictures of stores displaying handmade signs warning that customers will not be able to use their payment cards have already emerged on social media, although the retailer said it is hoping to restore digital payments later this morning. It is understood that the majority of shops are still accepting card payments. It comes after the Co-op admitted on Friday that the hack was much more serious than first expected, confessing that millions of customers' data had been stolen by a gang of cyber criminals. A group known as DragonForce claimed responsibility for the attack, telling the BBC they had details of around 20m Co-op customers. That was in stark contrast to the Co-op's initial claims that the attack only affected 'back office and call centre services'. DragonForce also claimed responsibility for similar breaches at both Marks & Spencer and Harrods, and threatened further attacks by claiming UK retailers were on its 'blacklist'. The card issue emerged after the attack already made it difficult for the Co-op to secure some food and drink items, leading to empty shelves across its stores. The retailer said that 'sustained malicious attempts by hackers to access our systems' meant some stores would not have their regular selection available. The cyber attack has left Co-op shoppers facing empty shelves Dalton Philips, the boss of Greencore, a major supplier of sandwiches to the retailer, said over the weekend it was having to resort to 'pen and paper' methods to keep Co-op stocked up. He told the BBC: 'In the absence of having all the systems speaking to each other, you revert to how it was 25 years ago.' The DragonForce group is known for using ransomware to encrypt companies' systems before demanding a payment in order to unlock them. The attacks have also been linked to a gang known as Scattered Spider, a group said to be made up of British and American teenagers. Stephen Bonner, deputy commissioner of the Information Commissioner's Office, told the Today Programme on Tuesday that the chaos was 'a wake-up call to every organisation'. Co-op staff have been instructed to keep their cameras on during all virtual meetings amid fears of hackers gaining access to internal communications. Broaden your horizons with award-winning British journalism. Try The Telegraph free for 1 month with unlimited access to our award-winning website, exclusive app, money-saving offers and more.
Daily Mail
02-05-2025
- Business
- Daily Mail
This is just the start, says secretive ‘gang whose hacking attacks wreaked havoc on Britain's high streets - with targets including M&S and Harrods'
A secretive gang of cyber criminals last night claimed to be behind the hacking attacks wreaking havoc on Britain's high streets – warning this is 'just the start'. The group, called DragonForce, said it and its affiliates, which may include the Scattered Spider crew of teenage hackers, are responsible for attacks on Marks & Spencer, the Co-op and Harrods. The hackers claimed to have stolen millions of customers' data and said they are trying to force their victims to pay a ransom. It came as Co-op said the personal data of customers, including names and contact details, had been stolen after cyber criminals accessed its systems, with the information watchdog highlighting that a similar situation could have taken place at M&S. Retailers are on red alert for similar attacks, as DragonForce said it was poised to launch more. In an interview with Bloomberg, its anonymous creators threatened to release data if it does not receive payment from the retailers, saying it typically expects millions of pounds for ransom payments. The group operates similarly to a criminal cartel and sells its software to other hackers, such as the Scattered Spider gang. 'Our job is not to destroy, we just take some money and walk away,' it said, also warning that the recent attacks were 'just a start'. DragonForce hackers claimed more than 90 victims last year and targeted companies across various industries. The Information Commissioner's Office (ICO) urged M&S and Co-op customers to use strong passwords and different ones across multiple platforms. Stephen Bonner, ICO deputy commissioner, said: 'We recognise that seeing cyber attacks in the news can be concerning, especially if you are a customer. 'If you are worried about your personal information, you can visit our website for advice and support. We also advise checking regularly for updates from the organisation and following their advice if they confirm that your personal information has been impacted by a cyber attack.' While M&S would not comment on if shoppers' data is at risk, boss Stuart Machin apologised to shoppers after the devastating attack that has lasted two weeks. The chain's customers and staff have been reeling from the disruption since Easter weekend, with millions of pounds of lost business still mounting. Harrods revealed it was also targeted this week, as technology experts warned over 'copycat' hacks. The Chancellor of the Duchy of Lancaster is set to warn that cyber criminals are trying to hack firms 'every hour of every day'. Speaking at the CyberUK conference next week, Pat McFadden will say companies must treat cyber security as 'an absolute priority' in the face of a growing threat from 'relentless' criminals.
Yahoo
02-05-2025
- Business
- Yahoo
ICO issue statement after cyber attacks on M&S and Co-op
The Information Commissioner's Office (ICO) have released a statement following a series of cyber attacks on retailers like Marks and Spencer, Co-op and Harrods. M&S first reported the issue over the Easter weekend but has seen its operations impacted for more than a week. Initially, the company saw contactless payments and click and collect orders affected. READ MORE: Local elections 2025 LIVE results as Reform take control of six councils including Lancashire READ MORE: Hull and East Yorkshire mayoral election 2025 results in full Earlier this week, it said it would no longer be able to take orders through its website or app in order to deal with the problem. Meanwhile, the Co-op Group was also affected by an attempted hack, prompting it to shut down parts of its IT infrastructure. While its shops and funeral services continued to trade, staff were instructed to keep cameras on and verify identities during all remote meetings. Harrods became the latest high-profile UK retailer to fall victim on Thursday. The luxury London department store said it had restricted internet access across its sites as a precautionary measure following an attempt to gain unauthorised access to its systems. In a statement, a Harrods spokesperson said: "We recently experienced attempts to gain unauthorised access to some of our systems. "Our seasoned IT security team immediately took proactive steps to keep systems safe, and as a result, we have restricted internet access at our sites today. "Currently, all sites including our Knightsbridge store, H beauty stores and airport stores remain open to welcome customers. "Customers can also continue to shop via "We are not asking our customers to do anything differently at this point, and we will continue to provide updates as necessary." Now, the ICO have said it is also looking into the wave of attacks. Stephen Bonner, deputy commissioner at the ICO, said: "We can confirm we have received reports from Marks and Spencer plc and the Co-op Group. We are making enquiries with these organisations and working closely with the National Cyber Security Centre (NCSC)." He added: "We recognise that seeing cyber attacks in the news can be concerning, especially if you are a customer. "If you are worried about your personal information, you can visit our website for advice and support. "Make sure your accounts are protected by a strong password and that you are not using the same password across multiple accounts," Mr Bonner continued, "We also advise checking regularly for updates from the organisation and following their advice if they confirm that your personal information has been impacted by a cyber attack." The Metropolitan Police has launched an investigation into the attack on M&S.
