Personal data of M&S customers unlawfully accessed during recent security breach
Marks & Spencer (M&S) acknowledges customer data breach in recent cyber attack
Marks & Spencer (M&S) has disclosed that some customer data was accessed during a recent cyber attack on the company. In response, the retailer will ask customers to reset their passwords the next time they visit their M&S account as a precaution.
In a statement, the company assures customers that there is no evidence that the data has been shared, and it does not include useable card or payment details, or account passwords. Therefore, customers do not need to take any action, the company states.
M&S has been dealing with the aftermath of the hack since the Easter weekend, following an interruption in online and app sales the following week.
Initially, reports linked the cyber attack to the ransomware group Scattered Spider, which is known for high-profile attacks on MGM Resorts, The Co-operative Group, and Harrods. However, the group behind the attacks contacted the BBC and identified itself as 'DragonForce,' denying any links with Scattered Spider.
DragonForce could be an official affiliate of Scattered Spider or simply using some of its tools and techniques. Reports surrounding the M&S attack suggest social engineering was used as an attack vector, the same method used to breach MGM Resorts. Other methods included Telegram and SMS phishing, SIM swapping, and exploiting multi-factor authentication fatigue. Members of the group often pose as IT staff to trick workers into sharing their credentials or granting remote access to their computers.
According to Adi Bleih, a security researcher at Cyberint, Scattered Spider may have been involved in the early-stage intrusion, followed by ransomware deployment and extortion by DragonForce or one of its affiliates.
M&S has been working with external experts to secure its systems and has reported the incident to government authorities and law enforcement.
Lisa Forte, a partner at Red Goat Security, commended M&S for its response, stating that the attack underscores the strain security teams face when it comes to reporting breaches. Forte noted that speaking sooner would have minimized the risk of the hackers releasing information, while speaking too soon without all the facts could have caused unnecessary panic.
The cyber attack has impacted M&S, with its share price having fallen by 15% since the incident was made public. Jake Moore, global cybersecurity advisor at ESET, emphasized that the prolonged cyber crisis serves as a reminder of the extensive damage cyber attacks can cause enterprises.
According to reports, DragonForce is a relatively new ransomware operation that emerged in late 2023 and evolved into a Ransomware-as-a-Service (RaaS) model. The group recruits affiliate hackers and allows them to use their ransomware platform under a white-label model. DragonForce handles the critical infrastructure, while taking a 20% cut of any ransom paid.
DragonForce's malware is built from leaked source code of infamous ransomware groups like LockBit 3.0 and Conti. The group avoids certain targets such as healthcare organizations and follows a "moral code."
- In the wake of the cyber attack, Marks & Spencer (M&S) is collaborating with external experts to enhance the cybersecurity infrastructure of its systems, aiming to prevent further breaches.
- The cyber attack on M&S, perpetrated by a group known as DragonForce, has highlighted the significance of robust cybersecurity in finance and general-news sectors, emphasizing the potential devastating impact cyber attacks can have on businesses.
- Although the data breach in the M&S cyber attack did not involve shareable card or payment details, the incident has had a notable impact on the company's stock market standing, with its shares falling by 15% since the incident was revealed.
