Customer Data stolen in M&S attack.

UK based retailer M&S recently announced via the companies’ Instagram that during their cyber incident towards the end of April last month that customer data had been stolen however no action would be required for customers. Some of the stolen data includes: Name, Date of birth, Telephone number, Home address, Household information, Email address and Online order history. M&S have also confirmed that no card payment details or passwords were stolen during the breach. 

Now attackers have access to this identifiable information there are concerns that this will lead to phishing attacks targeting those in the data breach, as such the retailer have also provided some basic advice around staying safe online. M&S have also announced that as a precaution, they will push a password reset across their customers for when they next login to their accounts. At the time of writing, the attack is still causing an outage on their app and online shopping still being unavailable.

This attack alongside recent attacks against the CO-OP and Harrods have all been attributed to the Scattered Spider group who use Dragonforce Ransomware in their attacks and have been known to target specific sectors in clusters of attacks.

Previously the group made headlines when they committed attacks against Caesars and MGM in mid-2023, financial services in late 2023 and food services in May 2024. The group are notable as well as they are believed to be mostly native English speakers with suspected teenage members from the UK and US.

Following these recent attacks, the NCSC has published a blog with dedicated advice on how customers can protect themselves: Incidents impacting retailers – recommendations from the NCSC - NCSC.GOV.UK