Major M&S boss reveals criminal gang behind crippling cyber attack
Click to share on X/Twitter (Opens in new window)
Click to share on Facebook (Opens in new window)
MARKS & Spencer has revealed that hacker group "DragonForce" was behind the cyberattack that shut down its online shopping for six weeks.
Chairman Archie Norman told UK lawmakers the attack crippled M&S's automated warehouse in Castle Donington, which is set to be back online imminently.
Sign up for Scottish Sun
newsletter
Sign up
1
Norman said it might take up to 18 months to get the insurance payout for the attack
Credit: Getty
The breach disrupted operations in April and May, forcing the retailer to scramble to restore its systems.
The hack saw click and collect services across UK stores go down, as well as customer information stolen.
The group originally suspected to be behind the cyber attack was "Scattered Spider" - a notorious cyber criminal-collective.
However, it's now confirmed that the attack was carried out by DragonForce.
DragonForce creates ransomware that locks up a victim's files and rents it out to other criminals.
A group of young, English-speaking hackers is thought to be using DragonForce's tools to attack companies.
These hackers steal data and demand a ransom to unlock the files and prevent the stolen information from being leaked.
The attack on M&S began on Saturday, April 19, with customers unable to collect purchases or return items.
On April 21, M&S acknowledged the attack, apologised for the inconvenience, and engaged cyber security experts while notifying the National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO).
Despite M&S' efforts to restore systems, disruptions continued throughout the week, forcing the retailer to make operational adjustments, including suspending online and app orders on Friday, April 24.
NSA warns cellphone users to change 'dangerous' message setting now or risk device being 'cloned' – it takes 3 clicks
This decision led to a 5% drop in the company's share price.
Shoppers reported empty shelves in some stores with staple items including bananas, fish, and the iconic Colin the Caterpillar cakes hard find in some shops.
On May 13, M&S confirmed that some customer information had been stolen in the attack.
On Wednesday, May 21, M&S said that disruption from the attack is expected to continue through July.
Timeline of cyber attack Saturday, April 19: Initial reports emerge on social media of problems with contactless payments and click-and-collect services at M&S stores across the UK. Customers experience difficulties collecting online purchases and returning items due to system issues.
Initial reports emerge on social media of problems with contactless payments and click-and-collect services at M&S stores across the UK. Customers experience difficulties collecting online purchases and returning items due to system issues. Monday, April 21: Problems with contactless payments and click-and-collect persist. M&S officially acknowledges the "cyber incident" in a statement to the London Stock Exchange. CEO Stuart Machin apologises for the disruption and confirms "minor, temporary changes" to store operations. M&S notifies the National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO) and engages external cybersecurity experts.
Problems with contactless payments and click-and-collect persist. M&S officially acknowledges the "cyber incident" in a statement to the London Stock Exchange. CEO Stuart Machin apologises for the disruption and confirms "minor, temporary changes" to store operations. M&S notifies the National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO) and engages external cybersecurity experts. Tuesday, April 22: Disruptions continue. M&S takes further systems offline as part of "proactive management".
Disruptions continue. M&S takes further systems offline as part of "proactive management". Wednesday, April 23: Despite earlier claims of customer-facing systems returning to normal, M&S continues to adjust operations to maintain security. Contactless payments are initially restored, but other services, including click-and-collect, remain affected.
Despite earlier claims of customer-facing systems returning to normal, M&S continues to adjust operations to maintain security. Contactless payments are initially restored, but other services, including click-and-collect, remain affected. Thursday, April 24: Contactless payments and click-and-collect services are still unavailable. Reports surface suggesting the attackers possibly gained access to data in February.
Contactless payments and click-and-collect services are still unavailable. Reports surface suggesting the attackers possibly gained access to data in February. Friday, April 25: M&S suspends all online and app orders in the UK and Ireland for clothing and food, although customers can still browse products. This decision leads to a 5% drop in M&S's share price.
M&S suspends all online and app orders in the UK and Ireland for clothing and food, although customers can still browse products. This decision leads to a 5% drop in M&S's share price. Monday, April 28: M&S is still unable to process online orders. Around 200 agency workers at the main distribution centre are told to stay home.
M&S is still unable to process online orders. Around 200 agency workers at the main distribution centre are told to stay home. Tuesday, April 29: Information suggests that the hacker group Scattered Spider is likely behind the attack. Shoppers spot empty shelves in selected stores.
Information suggests that the hacker group Scattered Spider is likely behind the attack. Shoppers spot empty shelves in selected stores. Tuesday, May 13: M&S revealed that some customer information has been stolen.
M&S revealed that some customer information has been stolen. Wednesday, May 21: The retailer said disruption from the attack is expected to continue through to July.
Click and collect, next day delivery and UK nominated day delivery for fashion items are still unavailable with services set to be restored "as soon as possible".
However, the retailer reintroduced a selection of third-party brands to its website last week, including Adidas, Columbia, and Lilybod.
Meanwhile, the high street giant has reduced its standard home delivery wait times from 10 days to five for customers in England, Scotland and Wales.
The M&S website also says home delivery in Northern Ireland will resume "in the coming weeks".
M&S is now strengthening its cybersecurity measures to prevent future attacks as it works to fully recover from the disruption.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Wales Online
44 minutes ago
- Wales Online
Massive empty church still full of original features is for sale
Every time a church or chapel closes there's a worry from the local community and anyone who has a passion or concern for the historic buildings of Wales that it will remain empty and eventually slide into dereliction. On a convenient corner in the Rhondda Fawr valley in the village of Ton Pentre there's a substantial church that is silent, but hoping to be the centre of activity again soon. Ystrad Congregational Church was founded in Ton Pentre in 1870 to cater for incoming English settlers working in the local coal pits, at a time when the population of the Rhondda valleys was growing rapidly. For more property stories sent to your inbox twice a week sign up to the property newsletter here . READ MORE: Inside one of Wales' finest Georgian homes which offers far more than first appears The church was rebuilt in its present form in 1884 and has remained virtually unaltered since that time, incorporating an interior with a three-sided gallery and a basement that housed a Sunday School. But it closed for worship in 2020 and has remained empty ever since. However, in 2022 there was a chance for the building to become homes and situated within walking distance of the high street shops, cafes, takeaways and pubs as well as the railway station, it seemed like an ideal location to create multiple abodes. The proposal in 2022 to convert the former Ystrad English Congregational Church into 11 homes by Taff Developments Ltd was for a mixture of one and two-bed flats across four floors. It was reported at the time of the planning decision that these would be flats for sale but the section 106 agreement will require a financial contribution equal to 30% of the open market value of one of the two-bedroom flats. The application was approved by Rhondda Cynon Taf Council's planning committee on Thursday, November 3, 2022. Planning officers recommended approval and said: 'The proposed development would contribute towards the local housing supply and provide a range of one and two-bedroom flats in a sustainable and convenient location. 'In addition, the reuse and conversion of the building would secure the retention of a prominent and attractive building, remove opportunities for dereliction, and result in a positive impact to the street scene. 'Whilst there are concerns the site is physically incapable of providing any off-street parking, these have been set against the benefits of the re-use of the site and its proximity to local facilities and the rail and bus network.' The planning report said that, apart from this and general replacement and repair works, the footprint, scale and form of the building would be unaltered, since the majority of the works would be internal. An historic building recording of the chapel was carried out in 2024 prior to conversion to flats but the structure is not listed. Now the building is for sale for £175,000 with Property Plus Estate Agents, call 0800 043 7300 to find out more. For more property stories and home content join our Amazing Welsh Homes Facebook group here.
South Wales Argus
an hour ago
- South Wales Argus
Dashcam footage as banned driver reversed into police on M4
Christian Robjohn was jailed at Newport Crown Court for a series of driving offences in the early hours of November 7 last year. 'The utterly reckless and selfish driving which you displayed involved doing anything and everything to try to get away,' said Recorder Andrew Hammond as he jailed the defendant. Prosecutor Nuhu Gobir said a police officer in an unmarked car spotted a Skoda Octavia driving on Malpas Road in Newport at around 2.20am. The car's front and rear number plates didn't match, and the officer suspected the vehicle had been stolen. A stinger was deployed near Malpas Fire Station, and this punctured the car's front tyres. However, Robjohn continued up the slip road and on to the westbound M4. On the motorway, a number of police vehicles boxed Robjohn in against the central barrier and brought him to a stop. As one officer got out to arrest him, Robjohn revved his engine, reversed, and 'collided heavily' with the police car behind, Mr Gobir said. The officer arrested the defendant – who was on his phone. Checks revealed Robjohn was disqualified at the time, meaning he also had no insurance. Inside the car, officers found tools worth a total of £1,133.08 which had been stolen from B&Q in Cwmbran. Robjohn admitted dangerous driving, driving whilst disqualified, driving without insurance, fraudulent use of registration plates, and handling stolen goods. Christian Robjohn tried to outrun the police on the M4 despite having two punctured tyres. (Image: Gwent Police) The defendant also admitted burglaries at three businesses in Cardiff on September 30, 2023, and breaching bail by failing to attend court. Mr Gobir said the managers of B&M and PureGym on Excelsior industrial estate in Cardiff and B&M in Pentwyn all received messages reporting break-ins at the stores. Robjohn and his co-defendant David Large used a Citroen Berlingo van to 'ram raid' the businesses, but they were both caught at the scene in Pentwyn. The court heard 43-year-old Large, of Ellwood Close in Trowbridge was sentenced to a community order for the burglaries. Mr Gobir said the defendant had 24 previous convictions for 50 offences, and that he had 'a very bad driving record'. Robjohn's defence counsel said his best mitigation for the driving offences was his guilty pleas. He said the 39-year-old defendant had viewed these proceedings as a wake-up call, and told him: 'I'm finished. I'm going to look after my family from now on and do the right thing'. The court heard that the defendant had already served the equivalent to a 21-month sentence in custody awaiting sentence and on licence. Robjohn, of Wakehurst Place in St Mellons, was jailed for a total of 21 months, meaning he will be released from prison imminently. He was banned from driving for three years, and must pass an extended retest.
South Wales Guardian
2 hours ago
- South Wales Guardian
Nvidia becomes most valuable company in the world at 4 trillion dollars
Nvidia shares rose 2.5%, or 3.97 dollars (£2.92), in early trading on Wednesday, topping 164 dollars (£120) each. At the beginning of 2023, Nvidia shares were around 14 dollars (£10) each. The poster child of the AI boom, Nvidia has grown into the largest company on Wall Street, surpassing Microsoft, Apple, Amazon and Google. The stock's movement carries more weight on the S&P 500 and other indexes than every company except Apple. Two years ago, Nvidia's market value was below 600 billion dollars (£441 billion). In its most recent quarter, Nvidia overcame tariff-driven turbulence to deliver another quarter of robust growth amid feverish demand for its high-powered AI chips. Nvidia earned 18.8 billion dollars (£13.8 nillion) in the period, a 26% increase from the same time last year. Revenue surged 69% from a year ago to 44.1 billion dollars (£32.5 billion). If not for a 4.5 billion dollar (£3.3 billion) charge that Nvidia absorbed to account for the US government's restrictions on its chip sales to China, Nvidia would have made 96 cents (71p) per share, far above the 73 cents (54p) per share envisioned by analysts. Nvidia reports its second-quarter results next month. Wall Street is expecting another quarter of record sales and profit for the Santa Clara, California, company. Nvidia and other companies benefiting from the AI boom have been a major reason the S&P 500 has climbed to record after record recently. Their explosion of profits has helped to propel the market despite worries about stubbornly high inflation and possible pain coming for the US economy from tariffs and other policies of President Donald Trump.
