Ethical Hacking News
Marks & Spencer has confirmed that its cyberattack resulted in the theft of customer data, including names, dates of birth, and online order histories. The incident highlights the vulnerability of the retail sector to cyberattacks and underscores the importance of robust cybersecurity measures.
Marks & Spencer (M&S) has confirmed that customer data was stolen in a cyberattack.
The stolen data includes names, dates of birth, telephone numbers, home addresses, email addresses, and online order histories.
No usable payment or card details were compromised.
The incident highlights the vulnerability of the retail sector to cyberattacks.
Cybercriminals are likely to sell the stolen data on the dark web, putting customers at risk.
M&S has taken steps to mitigate the damage and provide guidance on how to stay safe online.
Marks & Spencer, one of the three major British retailers currently battling cybersecurity troubles, has confirmed that customer data was stolen as part of its cyberattack. The incident, which occurred on April 22, resulted in the theft of sensitive information, including names, dates of birth, telephone numbers, home addresses, household information, email addresses, and online order histories. In a statement posted to the London Stock Exchange, M&S stated that the data does not include usable payment or card details, which are not stored on their systems.
The incident has sparked concerns about the vulnerability of the retail sector to cyberattacks. The Co-op and Harrods, the other two major retailers currently under attack, have also been dealing with stock issues at various stores across the UK. Matt Hull, head of threat intelligence at NCC Group, warned customers to remain vigilant to phishing attacks, as threat actors could potentially use the stolen information to launch targeted social engineering attacks.
The data breach at M&S is a stark reminder that no organization is completely immune from cyber threats, and that all forms of customer data require stringent protection. Despite the absence of financial data or passwords, the stolen information can be used to craft convincing phishing messages, putting customers at risk.
M&S has experienced various types of operational disruption since the attack was confirmed last month, including an unavailable in-store returns function, the suspension of all online and app orders, and stock shortages at its satellite stores. The incident has also had a significant impact on the company's share price, which slumped by more than 14 percent, wiping over £1 billion ($1.32 billion) off its market capitalization.
Cybercriminals are likely to sell the stolen data on the dark web, putting customers at even greater risk. Cybersecurity experts have warned that the incident highlights the need for organizations to implement robust cybersecurity measures, including regular security audits and training for employees.
The attack on M&S is part of a larger trend of attacks on UK retailers, with experts suggesting that there may be an ongoing coordinated effort to target the sector. The exact nature of the attack is still unclear, but it is believed to be a ransomware attack by the group known as Scattered Spider, using DragonForce's ransomware payload.
In response to the incident, M&S has taken steps to mitigate the damage, including pulling systems and services offline and urging customers to reset their passwords. The company has also provided guidance on how to stay safe online, including visiting the company's website directly to verify any claims before clicking on links.
The incident serves as a reminder of the importance of cybersecurity in the retail sector, where customer data is often vulnerable to attack. As the use of digital technologies continues to grow, so too will the need for robust cybersecurity measures to protect sensitive information.
Related Information:
https://www.ethicalhackingnews.com/articles/Marks--Spencers-Cyberattack-A-Harbinger-of-Wider-Retail-Sector-Vulnerabilities-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/05/13/ms_confirms_customer_data_stolen/
Published: Tue May 13 06:41:28 2025 by llama3.2 3B Q4_K_M