Tag: Marks and Spencer

  • Marks and Spencer Reports Customer Data Breach Following Ransomware Attack

    Marks and Spencer (M&S) has confirmed that customer data was stolen in a cyberattack that occurred last month, significantly impacting operations across its 1,400 stores. The attack, identified as a ransomware incident, took place on April 22, 2025, and forced the company to stop accepting online orders temporarily. M&S is currently conducting an investigation into the breach and has informed the public about the sensitive personal information that was compromised.

    According to sources, the cyberattack was executed by affiliates of the DragonForce ransomware group, utilizing Scattered Spider social engineering techniques to breach the retailer’s network. During the attack, VMware ESXi virtual machines hosted on company servers were encrypted, leading to significant disruptions in service and operations.

    M&S CEO Stuart Machin announced the breach in a letter posted on the retailer’s official Facebook page. He reassured customers that, while personal information has been taken, there is no evidence that the data has been shared, and it does not include any usable payment details or account passwords. Nevertheless, all customers with active accounts will be required to reset their passwords upon their next login attempt.

    An FAQ page released by M&S outlines the types of data exposed in the breach, including full names, email addresses, home addresses, phone numbers, and other personal information. Although the company has stated that payment card details are masked in accordance with PCI guidelines, it advised customers to remain vigilant against potential phishing attacks.

    While M&S has temporarily paused its Sparks offers amid the investigation, there have been no updates on the resumption of online order processing or other business operations at this time. The company has committed to notifying all impacted customers and providing further details as they become available.

  • Marks & Spencer Faces Payment Disruption Following Cyber Incident

    UK high street retailer Marks & Spencer (M&S) is grappling with ongoing disruptions in contactless payment systems due to a reported cyber incident, leading to significant delays in customer order processing. In a communication released on Wednesday evening, the retailer confirmed that Click & Collect services have been suspended until further notice, and customers can expect delays in home deliveries as well.

    M&S has reassured its customers that it is taking measures to protect its operations, stating that certain internal processes have been moved offline as a precaution. While the company has not publicly confirmed that ransomware is involved in the incident, its actions reflect common practices associated with ransomware attacks. According to an update from the retailer, this decision was made to ensure the safety and security of colleagues, partners, suppliers, and the business itself.

    Despite inquiries from The Register, M&S has not provided clarification regarding the nature of the cyber incident, specifically whether it involves a ransomware attack. The company’s latest statement expressed gratitude to customers for their understanding during these technical difficulties and assured that it is actively working to restore services with the help of industry experts.

    Interestingly, while contactless payment options are down, M&S has not reported issues with traditional chip and PIN payments. This raises questions about the specific technical challenges the retailer is facing. Nonetheless, the retailer confirmed through social media that all its physical stores in the UK remain open and that online orders can still be placed via its app, suggesting that some elements of its operations are unaffected.

    Many customers have reacted positively to M&S’s approach in handling public communications during this incident, demonstrating a growing trend among UK businesses to take accountability and communicate openly during cyber threats. Experts note that organizations willing to take responsibility and keep their customers informed tend to fare better in public perception. The timely response draws parallels with the British Library’s effective crisis communication following its own ransomware incident last year.

    The situation continues to evolve, with M&S promising updates as they work towards resolving the ongoing issues. For more information, customers have been directed to monitor M&S’s official updates online. Sources including The Register provide further context regarding the incident and its implications for large retailers.