M&S Cyber Attack

The continuing fallout from the M&S cyber-attack last month is casting a dark cloud over the retailer's outlook as its online channels remain down for payments.

The company has said that website sales are expected to resume, at least partially, in a couple of weeks' time. That will be a huge blow to their sales and turnover which is any retailers worst nightmare.

It is widely believed that the retailer fell victim to the same hackers, known as Scattered Spider, who were linked to similar attacks on the Co-op and Harrods towards the end of April.

No comment has been provided from M&S on whether it had paid a ransom to the hackers who were using DragonForce ransomware.

The Chief Executive, Stuart Machin, confirmed that the personal details of customers were stolen during April’s suspected ransomware attack via the firm’s Instagram account on the 13th of May:

“As we continue to manage the current cyber incident, we have written to customers today to let them know that unfortunately, some personal customer information has been taken.”

The statement said that there is no evidence that the information has been shared.

M&S has reassured customers that the data does not include usable card or payment details or account passwords.

The compromised customer data could include name, date of birth, telephone number, home address, email address, online order history.

M&S has seen more than one billion pounds lost from its stock market value since it declared the incident on 22 April.

Contact Romano Security Consulting today for help and advice on securing your organisation.