See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

Cyber attack on M&S involved 'sophisticated impersonation', chairman says

UNITED KINGDOM, JUL 08 – Marks & Spencer faced a six-week shutdown of online services and a £300 million profit loss after a ransomware attack by DragonForce and Scattered Spider hacker groups, chairman said.

  • On 8 July, Marks and Spencer disclosed that a complex impersonation scheme caused them to halt their online shopping services for close to seven weeks.
  • The initial breach occurred on 17 April via social engineering, where attackers impersonated an employee to reset a password through a third party.
  • The attack is believed to have been carried out by DragonForce, a mostly Russian-speaking ransomware group linked to Scattered Spider, which encrypted servers and stole data.
  • M&S anticipates the cyberattack will result in approximately £300 million in lost profits this year, but plans to offset around 50% of this through strategies such as cost control, insurance claims, and additional actions.
  • The company chose not to deal directly with hackers, shared details fully with authorities, declined to discuss ransom payments publicly, and remains in rebuild mode after a 'traumatic' ordeal.
Insights by Ground AI
Does this summary seem wrong?

35 Articles

GB NewsGB News
Lean Right

Three teenagers among four people arrested over M&S cyber-attacks

Three teenagers and a woman have been arrested as part of an investigation into cyber attacks targeting Marks & Spencer, the Co-op and Harrods.The National Crime Agency (NCA) said the four were arrested early on Thursday on suspicion of blackmail, money laundering, offences linked to the Computer Misuse Act and participating in the activities of an organised crime group.The arrests included a 17-year-old British man from the West Midlands, a 19-…

·London, United Kingdom
Read Full Article
The Irish SunThe Irish Sun
Right

Woman and three teenagers arrested over cyber attacks on M&S, Co-op & Harrods

THREE teenagers and a woman have been arrested as part of an investigation into cyber attacks targeting Marks & Spencer, Co-op and Harrods. The National Crime Agency (NCA) said the individuals were arrested early this morning on suspicion of blackmail, money laundering, offences linked to the Computer Misuse Act. ReutersM&S suffered from months of disruption earlier this year, following a cyber attack[/caption] They were also arrested on suspici…

·Ireland
Read Full Article
Cybersecurity DiveCybersecurity Dive
Center

M&S chairman calls for mandatory disclosure of material cyberattacks

The chairman testified before British lawmakers following a major social-engineering attack on the department-store chain.

Read Full Article
Tech RadarTech Radar
Reposted by
World NEWS LiveWorld NEWS Live
Center

M&S thinks it might finally know what caused cyberattack - but still won't say if it paid a ransom

M&S says DragonForce (not DragonForce Malaysia) is responsible for the attack, but we still don't know if a ransom has been paid.

·United Kingdom
Read Full Article
iNewsiNews
Center

Five things we learned about M&S hack as chairman faces MPs

Impartial news & intelligent debate

·London, United Kingdom
Read Full Article
BleepingComputerBleepingComputer
Center

M&S confirms social engineering led to massive ransomware attack

M&S confirmed today that the retail outlet's network was initially breached in a

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 59% of the sources are Center
59% Center

Factuality 

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

Evening Standard broke the news in London, United Kingdom on Tuesday, July 8, 2025.
Sources are mostly out of (0)

Similar News Topics

M&S icon

M&S

Cyber Security icon

Cyber Security

FBI icon

FBI

Europe icon

Europe

Business icon

Business

Economy icon

Economy

Technology icon

Technology

News
For You
SearchBlindspotLocal