Marks and Spencer (M&S) has acknowledged that customer data was stolen during a ransomware attack linked to DragonForce. As a precaution, they’re asking all online customers to reset their account passwords.
This incident happened three weeks ago, and it’s believed to involve a white-label affiliate of DragonForce, possibly the Scattered Spider group, known for using social engineering tactics. The stolen data includes email addresses, postal addresses, phone numbers, names, dates of birth, and details about customer interactions, like online order histories and household information. Some customer reference numbers tied to M&S credit cards and Sparks Pay cards might also be compromised.
M&S CEO Stuart Machin said, “We’ve informed customers that some personal data has been taken. There’s no evidence this information has been shared, and it doesn’t include usable card details or passwords, so customers don’t need to panic.” He added that customers will be prompted to reset their passwords during their next login, and the company has shared online safety tips.
Customer service operations director Jayne Wall sent out a letter with further guidance on staying safe online. However, cybersecurity experts have expressed concern. NordVPN’s CTO, Marijus Briedis, called M&S’s stance on the attackers not leaking data “overly optimistic.” He explained that even without passwords or credit card details, the stolen data is valuable for phishing schemes or identity theft. “Harmless” data like email addresses and order histories can be used to create very convincing phishing emails that are hard to detect.
Max Vetter, a cybersecurity expert and former investigator, criticized M&S for not providing clearer assurances. He pointed out that simply advising customers to change their passwords doesn’t restore trust. “Customers need to know how M&S is safeguarding their data and preventing it from being misused,” he said.
Meanwhile, the Co-op is dealing with ongoing supply chain disruptions due to a similar DragonForce attack. Reports indicate that stores in the Channel Islands are facing significant shortages and are working with local suppliers. In other remote areas, such as the Hebrides, residents are also struggling with delivery issues, especially on islands like Islay where Co-op is the main grocery retailer.
The Co-op has confirmed that it, too, suffered a data breach involving customers’ names, dates of birth, and contact information, but no sensitive financial details or shopping habits were compromised.