M&S forces customer password resets after data breach
Marks and Spencer (M&S) has confirmed that customer data was stolen during the Easter DragonForce ransomware attack on its server infrastructure and will be prompting all online customers to reset their account passwords as a precautionary move.
The attack unfolded three weeks ago and is thought to have been the work of a white-label affiliate of DragonForce – possibly the notorious Scattered Spider operation, which uses social engineering tactics to conduct its intrusions.
The stolen tranche of data is understood to include contact details, including email addresses, postal addresses and phone numbers; personal information, including names and dates of birth; and data on customer interactions with the chain, including online order histories, household information and ‘masked’ payment card details.
M&S added that customer reference numbers, but not payment information, belonging to holders of M&S credit cards or Sparks Pay cards – including former cardholders – may also have been taken.
“We have written to customers today to let them know that unfortunately, some personal customer information has been taken,” said M&S chief exec Stuart Machin.
“Importantly, there is no evidence that the information has been shared and it does not include usable card or payment details, or account passwords, so there is no need for customers to take any action.”
Machin added: “To give customers peace of mind, they will be prompted to reset their password the next time they visit or log on to their M&S account and we have shared information on how to stay safe online.
“Everyone at M&S is working around the clock to get things back to normal for our customers as quickly as possible, and we are very sorry for any inconvenience they have experienced.
Our stores remain open as they have throughout.”
The letter to customers from customer service operations director Jayne Wall – which can be reviewed here – also includes additional standard guidance on how to stay safe online.
NordVPN chief technology officer Marijus Briedis described M&S’ assertion that the attackers have not yet leaked or shared the stolen data as “overly optimistic” under the circumstances, and warned that even if passwords or credit card details were not exposed, the data that was taken was still very useful to cyber criminals.
“This type of data can be used in phishing campaigns or combined with other leaked information to commit identity theft,” explained Briedis.
“Consumers often underestimate how damaging ‘harmless’ data like order history or email addresses can be in the wrong hands.
These M&S hackers could use this data to build highly personalised phishing emails, designed to look identical to what the retailer would send, and these are much harder to spot.
“This breach highlights how companies must not only secure financial data, but also treat seemingly less sensitive information – like customer profiles and purchase records – as critical assets that require protection.”
Max Vetter, vice president of cyber at Immersive and a former money laundering investigator with London’s Metropolitan Police, also had harsh words for M&S.
“M&S saying that customers could change their passwords ‘for extra peace of mind’ does little to reassure those worried about who has access to their personal information,” he said.
“As the fallout from this attack continues, customers want clear assurances about their personal data and what M&S is doing to keep it safe from being published online.
“M&S want to appear in control and telling people to be more vigilant; however, telling customers there’s no need to act risks potentially sending the wrong message.
We recommend all customers reset their password.”
Vetter reaffirmed the stolen data would be prime material for downstream social engineering and phishing attacks, especially if it is indeed in the hands of Scattered Spider who, he said, “often play a long game”.
Meanwhile, disruption from the parallel DragonForce attack on Co-op continues, with the BBC today reporting that stores in the Channel Islands are experiencing particularly acute shortages and are now working with local suppliers to maintain some supplies.
In other remote parts of the UK, including the Hebrides in Scotland, residents are similarly contending with disruption to deliveries.
On many islands, such as whisky-making hub Islay, where the Co-op store is the only large food retailer operating, these shortages are now extending to supplies of fresh fruit and vegetables.
Co-op has also confirmed that data has been stolen, including names, dates of birth and contact information, but not passwords, financial details, or any information on members’ shopping habits or other interactions with the organisation.
Timeline: UK retail cyber attacks
22 April 2025: A cyber attack at M&S has caused significant disruption to customers, leaving them unable to make contactless payments or use click-and-collect services.
24 April: M&S is still unable to provide contactless payment or click-and-collect services amid a cyber attack that it says has forced it to move a number of processes offline to safeguard its customers, staff and business.
25 April: M&S shuts down online sales as it works to contain and mitigate a severe cyber attack on its systems.
29 April: The infamous Scattered Spider hacking collective may have been behind the ongoing cyber attack on M&S that has crippled systems at the retailer and left its ecommerce operation in disarray.
30 April: A developing cyber incident at Co-op has forced the retailer to pull the plug on some of its IT systems as it works to contain the attack.
1 May: Co-op tells staff to stop using their VPNs and be wary that their communications channels may be being monitored, as a cyber attack on the organisation continues to develop.
1 May: Harrods confirms it is the latest UK retailer to experience a cyber attack, shutting off a number of systems in an attempt to lessen the impact.
2 May: The National Cyber Security Centre confirms it is providing assistance to M&S, Co-op and Harrods as concerns grow among UK retailers.
7 May: No end is yet in sight for UK retailers subjected to apparent ransomware attacks.
Source: https://www.computerweekly.com/news/366623565/MS-forces-customer-password-resets-after-data-breach