Sun. Jun 8th, 2025
M&S Data Breach Traced to Third-Party Vendor

Marks & Spencer (M&S) suffered a significant cyberattack in April, reportedly perpetrated by the hacking group DragonForce, resulting in substantial financial losses and operational disruptions. Sources indicate the attackers gained access via a compromised third-party vendor with system permissions.

The attack caused millions of pounds in lost sales, forcing M&S to halt online orders for over three weeks. While the retailer refrains from detailing the breach specifics, stating that “availability is now in a much more normal place,” the impact remains considerable.

DragonForce, also implicated in attacks on the Co-op and an attempted breach of Harrods, has claimed responsibility. M&S will address the incident’s financial fallout in its annual results announcement on Wednesday, with analysts estimating weekly sales losses exceeding £40 million since the Easter weekend.

The attack prompted M&S to proactively shut down numerous IT systems, impacting both online and in-store operations, particularly food supplies. Restoring online functionality, vital for approximately one-third of clothing and homeware sales, remains a key challenge.

On May 13th, M&S confirmed the theft of some customer data, including personal details such as names, addresses, and order histories. However, the retailer clarified that compromised card information was unusable due to incomplete payment data storage practices.

The Co-op, also targeted by DragonForce, experienced similar disruptions, including payment issues and stock shortages. The attack impacted both customer and employee data. Both retailers are working to restore full operational capacity, with the Co-op aiming for normalized stock levels by the weekend.

As technology marches on, some people get trapped using decades-old software and devices. Here’s a look inside the strange, stubborn world of obsolete Windows machines.

The musician accuses the government of robbing young artists over its copyright law plans.

Authorities say they never allowed Jimmy Donaldson to film at pyramid heritage sites for profit.

The company apologised to customers after its app and website went down on Friday afternoon.

The infrastructure of humanity’s journey into space may only be decades old, but some of it has already been lost. Now, “space archaeologists” are scrambling to save what’s left.

M&S Data Breach Traced to Third-Party Vendor

Sources close to the investigation reveal that the recent Marks & Spencer (M&S) cyberattack, which occurred in April, originated from a third-party vendor with access to the retailer’s systems.

The breach resulted in substantial financial losses for M&S, with estimates exceeding £40 million in weekly sales since the incident began during the Easter weekend. Online services were suspended for over three weeks, impacting operations significantly.

M&S declined to comment specifically on the breach details, stating only that “availability is now in a much more normal place with stores well stocked this weekend.”

The perpetrators, identifying themselves as DragonForce, have claimed responsibility for this attack, as well as previous incidents targeting the Co-op and an attempted breach at Harrods.

M&S’s upcoming annual results announcement on Wednesday will inevitably focus on the ramifications of this devastating attack and its financial impact.

Following the attack, M&S proactively shut down numerous IT operations, temporarily disabling core systems while addressing the breach. The restoration of its online platform, crucial for approximately one-third of clothing and homeware sales, remains a primary challenge.

M&S confirmed on May 13th that some customer data was compromised, potentially including names, addresses, and order histories. However, the retailer assures customers that card information was not vulnerable due to its system’s security protocols.

The Co-op, also a victim of DragonForce’s attacks, experienced similar disruptions, including payment processing issues and stock shortages. They reported service recovery and a return to normal stock levels by the weekend.

The High Street chain is trialling moving its self-serve goods to crack down on shoplifting.

Storm-hunting planes chase atmospheric rivers through the sky from Japan to the US, revealing new insights into these powerful storms and how we can keep ourselves safe.

Experts say it will be difficult to find a new use for the House of Fraser building.

The BBC investigates one of the most damaging ranswomare attacks on a UK local council.

As technology marches on, some people get trapped using decades-old software and devices. Here’s a look inside the strange, stubborn world of obsolete Windows machines.