Scam Messages and emails increase exponentially after M & S Cyber Attack

A recent cyberattack on Marks and Spencer (M&S) has raised significant concerns, revealing that hackers infiltrated the UK-based retailer’s systems almost a week before the breach was discovered. The attack, which was first detected a couple of weeks ago, exploited a vulnerability created by human error, compromising the personal data of nearly 9.4 million active customers.

Initial investigations suggest that while the hackers gained access to sensitive information, such as order histories, dates of birth, and some payment card details (excluding CVV numbers), they did not manage to steal complete payment card data. In fact, the retailer’s IT department clarified that only certain usable card information may have been exposed, but crucial security elements like CVVs remained protected.

CEO Stuart Machin reassured customers, explaining that although the breach might have disrupted online ordering, the hackers did not access full payment card details. He further emphasized that such data is not stored long-term on M&S servers, with archives holding payment information for a maximum of 24 hours. Machin expressed confidence that the company’s technical team would restore services by the end of the month.

The attack, attributed to the DragonForce ransomware gang, is having ripple effects beyond M&S’s digital operations. Many of the retailer’s physical stores across the UK are experiencing severe product shortages, as panic buying escalates among consumers. The gang behind the attack, believed to be affiliated with the Scattered Spider cybercriminal group, is demanding a ransom of $4 million. However, M&S has made it clear that it will not be entertaining these demands.

The impact of the breach has extended to customers, with some reporting an increase in spam calls and emails. These types of cyberattacks often result in data leaks that can fuel spam campaigns, as hackers may use the stolen information for targeted scams. Despite efforts by email providers and telecom companies to mitigate these issues, customers are urged to remain vigilant. They should avoid downloading any suspicious applications or software that could potentially carry malware.

As the situation unfolds, both M&S and its customers are left to contend with the aftermath of a costly and disruptive cyberattack.