Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Marks & Spencer Says Data Stolen in Ransomware Attack

Marks & Spencer has confirmed that personal information was stolen in a recent cyberattack claimed by a ransomware group.

United Natural Foods cyberattack

UK retailer Marks & Spencer (M&S) on Tuesday revealed that customer information was stolen in a disruptive cyberattack that occurred over the Easter holiday.

The incident forced the retail giant to suspend online purchases, which remain unavailable. The attack was claimed by the DragonForce ransomware group, which also targeted Co-op and Harrods.

“Today, we are writing to customers informing them that due to the sophisticated nature of the incident, some of their personal customer data has been taken,” M&S says in a fresh filing with the London Stock Exchange.

The compromised information includes names, addresses, email addresses, phone numbers, dates of birth, online order history, household information, and ‘masked’ details of the payment card used for online purchases, M&S says in a notice on its website.

For individuals who have or had an M&S credit card or Sparks Pay, customer reference numbers may have been compromised as well.

“Importantly, the data does not include usable card or payment details,” M&S notes, pointing out that it does not store full payment card details.

Advertisement. Scroll to continue reading.

The company says it has reset user passwords, notifying customers that they would be prompted to choose a new password when accessing their M&S.com accounts.

“Importantly, there is no evidence that this data has been shared and it does not include usable card or payment details, or account passwords, so there is no need for customers to take any action,” the retailer says.

However, it also warns customers that they may receive fraudulent emails, calls, or text messages impersonating M&S, urging them to treat such communication with caution and to never share their personal account information or passwords. 

“The exposed personal details will likely be used or sold on the dark web to aid social engineering attacks. With this kind of context, attackers can craft convincing, tailored scams that appear legitimate, from fake delivery updates to bogus account notifications. We often see this kind of breach followed by a wave of personalized phishing attempts. Anyone with an M&S account should be extra cautious and stay alert for emails or texts claiming to be from the retailer,” Pistachio CEO and founder Joe Jones said in an emailed comment.

Related: Suspected DoppelPaymer Ransomware Group Member Arrested

Related: Ukrainian Nefilim Ransomware Affiliate Extradited to US

Related: Ahold Delhaize Confirms Data Stolen in Ransomware Attack

Related: Kidney Dialysis Services Provider DaVita Hit by Ransomware

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.