{"id":5909,"date":"2025-05-18T04:36:41","date_gmt":"2025-05-17T20:36:41","guid":{"rendered":"https:\/\/cicserver.com\/ms-confirms-customer-personal-data-was-stolen-in-recent-attack\/"},"modified":"2025-05-18T04:36:41","modified_gmt":"2025-05-17T20:36:41","slug":"ms-confirms-customer-personal-data-was-stolen-in-recent-attack","status":"publish","type":"post","link":"https:\/\/cicserver.com\/de\/ms-confirms-customer-personal-data-was-stolen-in-recent-attack\/","title":{"rendered":"M&#038;S confirms customer personal data was stolen in recent attack"},"content":{"rendered":"<p><br \/>\n<br \/><img decoding=\"async\" src=\"https:\/\/cdn.mos.cms.futurecdn.net\/ihoBiYYouKcowC7MrFWffk.jpg\" \/><\/p>\n<div id=\"article-body\">\n<p>Marks &amp; Spencer (M&amp;S) has admitted that some customer data was accessed in the <a data-analytics-id=\"inline-link\" href=\"https:\/\/www.itpro.com\/business\/m-and-s-calls-in-ncsc-after-cyber-incident-disrupts-customer-payments-online-orders\" data-before-rewrite-localise=\"https:\/\/www.itpro.com\/business\/m-and-s-calls-in-ncsc-after-cyber-incident-disrupts-customer-payments-online-orders\">recent cyber attack<\/a> on the company.<\/p>\n<p>The firm said customers will be asked to reset their password next time they visit their M&amp;S account as a precaution.<\/p>\n<p>But in a statement the retailer stated: &#8220;Importantly, there is no evidence that the information has been shared and it does not include useable card or payment details, or account passwords, so there is no need for customers to take any action.&#8221;<\/p>\n<p>M&amp;S has been struggling with the after-effects of the hack since the Easter weekend, having been forced to <a data-analytics-id=\"inline-link\" href=\"https:\/\/www.itpro.com\/security\/marks-and-spencer-cyber-incident-update\" 
data-before-rewrite-localise=\"https:\/\/www.itpro.com\/security\/marks-and-spencer-cyber-incident-update\"><u>suspend online and app sales<\/u><\/a> the following week.<\/p>\n<p>Initial <a data-analytics-id=\"inline-link\" href=\"https:\/\/www.itpro.com\/security\/cyber-crime\/scattered-spider-group-marks-and-spencer\" data-before-rewrite-localise=\"https:\/\/www.itpro.com\/security\/cyber-crime\/scattered-spider-group-marks-and-spencer\"><u>reports linked Scattered Spider<\/u><\/a>, a <a data-analytics-id=\"inline-link\" href=\"https:\/\/www.itpro.com\/security\/ransomware\/new-ransomware-groups-worrying-security-researchers\" data-before-rewrite-localise=\"https:\/\/www.itpro.com\/security\/ransomware\/new-ransomware-groups-worrying-security-researchers\"><u>ransomware group<\/u><\/a> known for its <a data-analytics-id=\"inline-link\" href=\"https:\/\/www.itpro.com\/infrastructure\/server-storage\/354812\/mgm-hotels-hack-sees-106-million-customer-accounts-exposed\" data-before-rewrite-localise=\"https:\/\/www.itpro.com\/infrastructure\/server-storage\/354812\/mgm-hotels-hack-sees-106-million-customer-accounts-exposed\"><u>high-profile attack on MGM Resorts<\/u><\/a>, to the attack on M&amp;S as well as on <a data-analytics-id=\"inline-link\" href=\"https:\/\/www.itpro.com\/security\/co-op-cyber-attack\" data-before-rewrite-localise=\"https:\/\/www.itpro.com\/security\/co-op-cyber-attack\"><u>The Co-operative Group<\/u><\/a> and <a data-analytics-id=\"inline-link\" href=\"https:\/\/www.itpro.com\/security\/cyber-attacks\/harrods-cyber-attack\" data-before-rewrite-localise=\"https:\/\/www.itpro.com\/security\/cyber-attacks\/harrods-cyber-attack\"><u>Harrods<\/u><\/a>. 
But in contact with the <a data-analytics-id=\"inline-link\" href=\"https:\/\/www.bbc.co.uk\/news\/articles\/c4grn878712o\" data-url=\"https:\/\/www.bbc.co.uk\/news\/articles\/c4grn878712o\" target=\"_blank\" referrerpolicy=\"no-referrer-when-downgrade\" data-hl-processed=\"none\"><u><em>BBC<\/em><\/u><\/a> the group behind the attacks identified itself as \u2018DragonForce\u2019 and denied any links with Scattered Spider.<\/p>\n<p>DragonForce could be an official affiliate of Scattered Spider or simply using some of its tools and techniques. Reports around the M&amp;S attack have suggested social engineering was used as an attack vector, the same method used to breach MGM Resorts. Other methods include Telegram and SMS phishing, <a data-analytics-id=\"inline-link\" href=\"https:\/\/www.itpro.com\/security\/cyber-attacks\/cisa-urges-organizations-to-adopt-passwordless-security-in-lapsusdollar-report\" data-before-rewrite-localise=\"https:\/\/www.itpro.com\/security\/cyber-attacks\/cisa-urges-organizations-to-adopt-passwordless-security-in-lapsusdollar-report\"><u>SIM swapping<\/u><\/a>, and exploiting <a data-analytics-id=\"inline-link\" href=\"https:\/\/www.itpro.com\/security\/cyber-security\/369745\/what-is-mfa-fatigue\" data-before-rewrite-localise=\"https:\/\/www.itpro.com\/security\/cyber-security\/369745\/what-is-mfa-fatigue\"><u>multi-factor authentication fatigue<\/u><\/a>. 
Members of the group often pose as IT staff to trick workers into sharing their credentials or granting remote access to their computers.<\/p>\n<p>&#8220;While Scattered Spider has not publicly claimed responsibility for the UK retail intrusions, the initial access tactics, cloud exploitation, and social engineering techniques observed in those breaches align closely with the group\u2019s known behaviour,&#8221; said Adi Bleih, a security researcher at Cyberint.<\/p>\n<p>&#8220;It is increasingly likely that Scattered Spider was involved in the early-stage intrusion, which was then followed by ransomware deployment and extortion by DragonForce or one of its affiliates.&#8221;<\/p>\n<p>M&amp;S said it has been working with external experts to help secure its systems, and has reported the incident to the appropriate government authorities and law enforcement.<\/p>\n<p>Lisa Forte, a partner at Red Goat Security, said that M&amp;S had behaved responsibly and that the attack underlined the strain security teams are under when it comes to reporting breaches.<\/p>\n<p>&#8220;This is a hard question to answer, as most of us aren\u2019t working there nor privy to the information they have. 
So I\u2019m withholding judgement on that, but I will say not speaking sooner puts you at risk the hackers will let it out,&#8221; she said.<\/p>\n<p>&#8220;Conversely, stating this too soon without all the facts and mitigations can cause more panic and even open consumers up to scammer risks. My answer would change dramatically if it were health info or credit card details, for instance.&#8221;<\/p>\n<p>M&amp;S continues to deal with the incident, with its share price having fallen by 15% since the incident was first made public. Jake Moore, global cybersecurity advisor at ESET, noted the events are an important reminder of the widespread damage cyber attacks can have on enterprises.<\/p>\n<p>\u201cM&amp;S\u2019 prolonged cyber crisis is a textbook example of how attacks don\u2019t just knock systems offline, they erode brand trust, client share prices and impact sales. With \u00a33.5 million lost, \u00a31.3 billion wiped from its value and online operations still disrupted, the business is clearly feeling the long tail of this breach,\u201d he stated.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Marks &amp; Spencer (M&amp;S) has admitted that some customer data was accessed in the recent cyber attack on the company. The firm said customers will be asked to reset their password next time they visit their M&amp;S account as a precaution. 
But in a statement the retailer stated: &#8220;Importantly, there is no evidence that the information [&hellip;]<\/p>","protected":false},"author":3,"featured_media":5910,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","footnotes":""},"categories":[1],"tags":[],"class_list":{"0":"post-5909","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-blog"},"_links":{"self":[{"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/posts\/5909","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/comments?post=5909"}],"version-history":[{"count":0,"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/posts\/5909\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/media\/5910"}],"wp:attachment":[{"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/media?parent=5909"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/categories?post=5909"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/tags?post=5909"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}