Latest news with #DragonForce
Tom's Guide
2 days ago
- Business
- Tom's Guide
Co-op cyberattack exposes personal data of all 6.5 million members — what to do next
The cyberattack at the Co-op Group is now confirmed to have involved the personal data of all 6.5 million members. As reported by Cybernews, Shirine Khoury-Haq, CEO, gave an interview on the BBC this week expressing her regret over the events and confirming the details. The hackers, believed to be members of the Scattered Spider group, managed to copy the member list which included personal details such as full names, home addresses, email addresses, phone numbers and birth dates. Fortunately, as Co-op had previously invested in detection systems that alerted it to the unusual behavior within a few hours, the group was able to shut down parts of its system within hours of the breach keeping the attackers from deploying the DragonForce ransomware. This means that no financial data, purchase history or transaction data was taken and that the hackers were unable to fulfill their goal of using the ransomware attack to blackmail the group. It also means that the attackers were unable to erase what they did, and their code was sent back to authorities resulting in arrests being made. The attack on Co-op occurred in April, just days after the attack on M&S and is believed to be part of a broader campaign that also resulted in a cyberattack targeting Harrods. The Scattered Spider group uses deception tactics to trick IT helpdesk employees into giving its hackers access to a network; the attacks often result in empty grocery store shelves or other businesses reverting back to paper based systems in order to continue operations. The Information Commissioner's Office, the UK's data protection watchdog has said that anyone concerned about their personal data should visit its website for information and support. Get instant access to breaking news, the hottest reviews, great deals and helpful tips. Additionally, Co-op members should be on alert for any signs of phishing attacks since threat actors will be looking for vulnerable targets using this stolen data. So be on alert for signs of phishing scams and social engineering attacks so you can avoid falling victim to them. Hackers will often leverage all the information they have on a potential target in order to try and trick you into clicking on a malicious link or downloading a malicious app or other software that appears legitimate but actually contains viruses. Likewise, never click on unexpected links, QR codes or attachments or links from unknown senders. Verify through independent means if someone contacts you asking you to download or click on something. Likewise, don't share personal information with people you don't know online, and clear out any old emails that may contain personal details and information. If you don't already have one of the best antivirus software solutions installed on your devices, make sure you get one. They have multiple features that can help protect you when you go online from VPNs and website alerts to identity monitoring and phishing protection.
Yahoo
10-07-2025
- Business
- Yahoo
NCA arrests four in M&S, Co‑op, Harrods cyberattack probe
British authorities have arrested four individuals aged between 17 and 20 in connection with a spate of cyberattacks targeting prominent UK retailers Marks & Spencer (M&S), the Co‑op, and Harrods earlier this year. The arrests form part of a broader investigation led by the National Crime Agency (NCA) into what is described as a substantial organised ransomware campaign. Two 19‑year‑olds, a 17‑year‑old male and a 20‑year‑old female were detained this morning at their homes in London, the West Midlands and Staffordshire on suspicion of offences including computer misuse under the Computer Misuse Act, blackmail, money laundering and participation in an organised crime group. Authorities seized electronic devices for forensic examination. The NCA's National Cyber Crime Unit, supported by regional organised crime units, confirmed this marks a key milestone in an investigation deemed one of the agency's highest priorities. The attacks occurred in April 2025, when ransomware was deployed across retail systems. M&S suffered a six‑week shutdown of its online clothing and homeware services, resulting in severe disruption to click‑and‑collect and food deliveries, and an estimated £300 million hit to operating profits. Co‑op and Harrods also faced disruptions, with the Co‑op temporarily disabling key systems and Harrods shutting down parts of its IT infrastructure. Investigators later classified the breaches at M&S and Co‑op as a 'single combined cyber event,' attributing damages ranging from £270 million to £440 million. The cyber intrusions are believed to have begun via social engineering and impersonation of third‑party service providers. The hacking collective 'Scattered Spider' has been linked to the attacks, allegedly exploiting human vulnerabilities to gain initial access before deploying ransomware from the 'DragonForce' operation. The modus operandi reportedly included phishing calls, SIM swapping and email‑based social engineering to bypass internal defences. All four suspects remain in custody while NCA investigators continue digital forensic analysis. Deputy Director Paul Foster said the arrests are a significant step, but emphasised that work with domestic and international partners is ongoing to hold all responsible parties to account. He underscored the importance of incident reporting and cooperation by affected organisations to combat cyber threats. Retailers face mounting pressure to strengthen defences, with calls for mandatory disclosure of material cyber incidents following M&S chairman Archie Norman's warnings that other significant hacks went unreported. The NCA advised businesses to use the government's Cyber Incident Signposting Site to report any cyber incident promptly. While the investigation moves forward, the case highlights the rising risk of ransomware in retail supply chains and the critical role of policing, cybersecurity investment and mandatory incident transparency in protecting businesses and consumers. "NCA arrests four in M&S, Co‑op, Harrods cyberattack probe" was originally created and published by Retail Insight Network, a GlobalData owned brand. The information on this site has been included in good faith for general informational purposes only. It is not intended to amount to advice on which you should rely, and we give no representation, warranty or guarantee, whether express or implied as to its accuracy or completeness. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content on our site. Sign in to access your portfolio
Reuters
10-07-2025
- Business
- Reuters
UK police arrest four over cyberattacks on M&S, Co-op and Harrods
LONDON, July 10 (Reuters) - Four people under 21 have been arrested as part of a police investigation into cyberattacks that disrupted the operations of UK retailers Marks & Spencer (MKS.L), opens new tab, the Co-op (42TE.L), opens new tab and Harrods, Britain's National Crime Agency said on Thursday. April's ransomware attack on M&S, one of the best known names in British business, was the most serious, forcing it to suspend online clothing shopping for nearly seven weeks and costing it about 300 million pounds ($400 million) in operating profit. The NCA said males aged 19, 19 and 17 and a 20-year-old woman had been detained in the English West Midlands and London on suspicion of Computer Misuse Act offences, blackmail, money laundering and participating in organised crime. All were arrested at home, had their electronic devices seized, and were being questioned by the NCA's National Cyber Crime Unit. On Tuesday, M&S Chairman Archie Norman told lawmakers the retailer had been in contact with the U.S. FBI over the cyberattack. He said "loosely aligned parties" had worked together under the suspected leadership of a group known as DragonForce. Norman said British businesses should be legally required to report material cyberattacks, alleging that two recent major attacks on large UK firms had gone unreported. M&S resumed taking online orders for clothing lines on June 10 after a 46-day suspension but is yet to restore click-and-collect services. Last week, CEO Stuart Machin told investors the group would be over the worst of the fallout by August.
The Sun
08-07-2025
- Business
- The Sun
M&S chairman names hackers and ransomware group behind April cyber attack
MARKS & Spencer's cyber attack was linked to hackers Scattered Spider and ransomware group DragonForce, according to its chairman. DragonForce is believed to rent out software that locks files and then demands payment to unlock them. M&S boss Archie Norman, who was quizzed by MPs yesterday, refused to say whether or not the retailer paid the group's ransom money following the hack in April. The attack left M&S unable to take online orders for more than six weeks and forced it to shut down operations at its Castle Donington warehouse. The breach is estimated to have cost £300million in lost profits, though M&S expects to recover half through cost management and insurance. Mr Norman told a business and trade select committee it was 'not an overstatement to describe it as traumatic', adding: 'We're still in the rebuild mode and will be for some time.' Addressing the nature of the attack, Mr Norman told MPs the hackers 'never send you a letter signed Scattered Spider'. He said: 'The attacker works through intermediaries — in this case DragonForce, who are a ransomware operation based, we believe, in Asia.' However, Mr Norman stopped short of talking about the nature of the discussions that had taken place with the hackers. Online orders were restored on June 10, but click and collect remains unavailable. M&S said it is working to strengthen cybersecurity to prevent future attacks. 1 DODGY PADS BANK FINE DIGITAL bank Monzo has been fined £21.1million for allowing customers to register accounts with fake addresses such as Buckingham Palace. Protect Your Android: Security Tips to Prevent Cyber Attacks The Financial Conduct Authority said Monzo accepted 'implausible' information between 2018 and 2020. Accounts were opened with PO Boxes, foreign addresses with UK postcodes and famous landmarks. The regulator said Monzo's systems failed to keep up with its rapid growth. The fine was reduced from £30million after the bank resolved the issues. KATE FAVE FAILS SERAPHINE, the maternity fashion brand loved by the Princess of Wales, crashed into administration yesterday. Its collapse — blamed on rising prices — has left the majority of its 95 staff redundant. Known for its stylish maternity wear, the retailer rose to fame after Princess Kate wore its designs during her pregnancies. At its peak, Seraphine had ten stores worldwide, including in New York and Paris. PREPAY COMPO OCTOPUS ENERGY has paid out £1.5million in compensation after regulator Ofgem found more than 34,000 prepayment meter customers did not receive their final bills within six weeks. Octopus agreed to pay an average of £43 per customer in refunds for leftover credit and compensation. Ofgem said final bills are especially important for those on low incomes so they know where they stand.
Fashion Network
08-07-2025
- Business
- Fashion Network
UK companies should have to disclose major cyberattacks, M&S says
British businesses should be legally required to report material cyberattacks to the authorities, the chairman of retailer Marks & Spencer said on Tuesday, claiming two recent major attacks on large UK firms had gone unreported. Giving evidence to lawmakers on parliament's Business and Trade Committee on the April cyberattack which forced M&S to suspend online shopping for nearly seven weeks, Archie Norman said the group had learnt that "quite a large number" of serious cyberattacks never get reported to the National Cyber Security Centre (NCSC). "In fact we have reason to believe there've been two major cyberattacks on large British companies in the last four months which have gone unreported," he said. Norman said that meant there was "a big deficit" in knowledge in the cybersecurity space. "So I don't think it would be regulatory overkill to say if you have a material attack ... for companies of a certain size you are required within a time limit to report those to the NCSC." Norman declined to say if M&S had paid any ransom but said that subject was "fully shared" with the National Crime Agency and other authorities. He said "loosely aligned parties" worked together on the M&S cyberattack. "We believe in this case there was the instigator of the attack and then, believed to be DragonForce, who were a ransomware operation based, we believe, in Asia." A hacking collective known as Scattered Spider that deploys ransomware from DragonForce has previously been blamed in the media for the attack. "When this happens you don't know who the attacker is, and in fact they never send you a letter signed Scattered Spider, that doesn't happen," said Norman. He said M&S didn't hear from the threat actor for about a week after it initially penetrated its systems on April 17 through a "social engineering" operation. In May, M&S said the attack would cost it about 300 million pounds ($409 million) in lost operating profit. Norman said M&S was fortunate in having doubled its cyberattack insurance cover last year, though its claim could take 18 months to process. M&S resumed taking online orders for clothing lines on June 10 after a 46-day suspension but is yet to restore click and collect services. Last week, M&S CEO Stuart Machin told investors the group would be over the worst of the fallout from the attack by August. Nick Folland, M&S' General Counsel, told the lawmakers a major lesson from the crisis for businesses generally was to make sure they can operate with pen and paper. "That's what you need to be able to do for a period of time whilst all of your systems are down," he said.
