Marks & Spencer Reports Cyber Attack, Thousands of Customers Affected

Marks & Spencer, a prominent British retail giant, recently disclosed a significant cyber attack that resulted in the unauthorized access of sensitive personal information from its customers. The company, valued at $9.67 billion and operating in over 62 countries, informed the London Stock Exchange about the breach. The compromised data includes contact details, dates of birth, and online order history, but notably, it does not include usable card or payment details, nor any account passwords.

The company has issued a warning to its customers, advising them to be cautious of any emails, calls, or texts claiming to be from Marks & Spencer, as these could be phishing attempts. The number of affected customers is reported to be in the thousands, with the company having at least 9.4 million online customers as of March 30th, 2024.

This incident is believed to be part of a broader operation by a hacking group known as “DragonForce,” which has also claimed responsibility for a breach at the Co-op Food grocery chain in the UK. The hackers reportedly reached out to the BBC, providing proof of their intrusion into Co-op’s IT networks and the theft of substantial amounts of customer and employee data. Screenshots from a Microsoft Teams chat showed the hackers informing Co-op’s head of cyber security that the company was being extorted, with the group stating, “Hello, we exfiltrated the data from your company. We have customer database, and Co-op member card data.”

The responses to both incidents are still ongoing, with Marks & Spencer and Co-op Food working to mitigate the damage and protect their customers' information. This breach highlights the growing threat of cyber attacks on retail giants and the importance of robust cybersecurity measures to safeguard customer data.