Marks & Spencer (M&S) has confirmed that customer data was accessed during a recent cyber attack, which disrupted its digital operations over the Easter weekend. The retail giant has asked customers to reset their account passwords as a precaution, although the company clarified that no payment details, passwords, or sensitive financial information were compromised or shared.
Despite initial reports pointing to the notorious ransomware group Scattered Spider, a group identifying itself as ‘DragonForce’ has claimed responsibility for the attack on M&S, as well as similar breaches involving The Co-operative Group and Harrods. DragonForce denied any affiliation with Scattered Spider, though cybersecurity experts suggest the tactics used—including social engineering, SIM swapping, and phishing—mirror methods commonly attributed to Scattered Spider.
Cybersecurity analyst Adi Bleih from Cyberint noted that while Scattered Spider hasn’t officially taken credit, the techniques observed in the breach strongly resemble the group’s known strategies. It’s likely the group played a role in the initial system infiltration, with DragonForce or its affiliates executing the ransomware and extortion phase.
M&S has since engaged external cybersecurity specialists to reinforce its systems and has reported the incident to law enforcement and relevant government bodies. The company continues to recover from the breach, with online operations still disrupted and a 15% dip in its share price. Analysts estimate the attack has cost M&S around £3.5 million and erased £1.3 billion from its market value.
Lisa Forte, partner at Red Goat Security, praised M&S for handling the incident responsibly, highlighting the complex balance between prompt public disclosure and the risk of inciting panic. Meanwhile, cybersecurity advisor Jake Moore at ESET emphasized how such incidents erode customer trust and have long-term financial consequences for major retailers.
M&S remains committed to restoring full operational stability while maintaining transparency as the investigation unfolds.
Stay ahead of emerging cybersecurity threats. For the latest insights and updates on cloud security, follow SOC News.
News Source: ITpro.com
