CyberSecurityBoard
Sponsor Register Login

Marks & Spencer confirms a cyberattack as customers face delayed orders

"Marks and Spencer Group plc (the Company, or M&S) has been managing a cyber incident over the past few days," reads the M&S statement. Marks & Spencer (M&S) has disclosed that it is responding to a cyberattack over the past few days that has impacted operations, including its Click and Collect service. The company confirmed the cybersecurity incident in a press release on the London Stock Exchange, stating that they are working with cybersecurity experts to manage and resolve the situation. M&S did not provide specific details on the nature of the cyber incident but said it notified the data protection supervisory authorities and the National Cyber Security Centre. "As soon as we became aware of the incident, it was necessary to make some minor, temporary changes to our store operations to protect customers and the business and we are sorry for any inconvenience experienced. "The Company has engaged external cyber security experts to assist with investigating and managing the incident. In an email sent to affected customers, M&S apologized for the inconvenience and assured customers that efforts were underway to resolve the issues and resume regular service. While M&S stores, its website, and its app remain operational, the company says that the cyberattack has caused some disruption to its operations. This includes delays in its Click and Collect order system, telling customers to wait for an email stating an order is ready for pick up before coming to the store. No ransomware gangs or other threat actors have claimed responsibility for the attack, and likely won't for quite a while, as they pressure the company into paying an extortion demand. BleepingComputer contacted Marks & Spencer with questions about the attack and will update the story if we receive a reply. Lawrence Abrams Lawrence Abrams is the owner and Editor in Chief of BleepingComputer.com. Lawrence's area of expertise includes Windows, malware removal, and computer forensics. The company is a British multinational retailer known for selling various products, including clothing, food, and home goods. However, if ransomware is behind this attack, data is likely stolen and will be used as further leverage to convince the company to pay. Lawrence Abrams is a co-author of the Winternals Defragmentation, Recovery, and Administration Field Guide and the technical editor for Rootkits for Dummies.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 22 Apr 2025 23:30:13 +0000


Cyber News related to Marks & Spencer confirms a cyberattack as customers face delayed orders

Marks & Spencer confirms a cyberattack as customers face delayed orders - "Marks and Spencer Group plc (the Company, or M&S) has been managing a cyber incident over the past few days," reads the M&S statement. Marks & Spencer (M&S) has disclosed that it is responding to a cyberattack over the past few days ...
5 hours ago Bleepingcomputer.com
Mortgage giant Mr. Cooper hit by cyberattack impacting IT systems - U.S. mortgage lending giant Mr. Cooper was breached in a cyberattack that caused the company to shut down IT systems, including access to their online payment portal. Mr. Cooper is a mortgage lending company based out of Dallas, Texas, that employs ...
1 year ago Bleepingcomputer.com
Understanding Each Link of the Cyberattack Impact Chain - It's often difficult to fully appreciate the impact of a successful cyberattack. Other consequences aren't so obvious - from a loss of customer trust and potential business to stolen data that may surface as part of another cyberattack years later. ...
1 year ago Securityboulevard.com
Nissan is investigating cyberattack and potential data breach - Japanese car maker Nissan is investigating a cyberattack that targeted its systems in Australia and New Zealand, which may have let hackers access personal information. Details of the attack have not been published but the company informed customers ...
1 year ago Bleepingcomputer.com
Hugging Face dodged a cyber-bullet with Lasso Security's help - Further validating how brittle the security of generative AI models and their platforms are, Lasso Security helped Hugging Face dodge a potentially devastating attack by discovering that 1,681 API tokens were at risk of being compromised. The tokens ...
1 year ago Venturebeat.com
US mortgage lender loanDepot confirms ransomware attack - Leading U.S. mortgage lender loanDepot confirmed today that a cyber incident disclosed over the weekend was a ransomware attack that led to data encryption. LoanDepot is a major nonbank mortgage lender in the United States, with over $140 billion in ...
1 year ago Bleepingcomputer.com Akira
Ace Hardware says 1,202 devices were hit during cyberattack - Ace Hardware confirmed that a cyberattack is preventing local stores and customers from placing orders as the company works to restore 196 servers. Ace Hardware is a hardware store retailer-owned cooperative that operates 17 distribution centers and ...
1 year ago Bleepingcomputer.com LockBit
Guardians of Finance: loanDepot Confronts Alleged Ransomware Offensive - Among the leading lenders in the United States, loanDepot has confirmed that the cyber incident it announced over the weekend was a ransomware attack that encrypted data. In the United States, LoanDepot is one of the biggest nonbank mortgage lenders. ...
1 year ago Cysecurity.news
Cyberattack on health services provider impacts 5 Canadian hospitals - A cyberattack on shared service provider TransForm has impacted operations in five hospitals in Ontario, Canada, impacting patient care and causing appointments to be rescheduled. TransForm is a not-for-profit, shared service organization founded by ...
1 year ago Bleepingcomputer.com
Microsoft unveils Face Check for secure identity verification - Microsoft today announced the launch of Face Check, a new facial recognition feature for its Entra Verified ID digital identity platform. Face Check allows businesses to match a user's selfie to their government ID or employee credentials, providing ...
1 year ago Venturebeat.com
Staples confirms cyberattack behind service outages, delivery issues - American office supply retailer Staples took down some of its systems earlier this week after a cyberattack to contain the breach's impact and protect customer data. Staples operates 994 stores in the US and Canada, along with 40 fulfillment centers ...
1 year ago Bleepingcomputer.com
CVE-2024-50150 - In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmode should keep reference to parent The altmode device release refers to its parent device, but without keeping a reference to it. When registering the altmode, get a ...
5 months ago Tenable.com
American Family Insurance confirms cyberattack is behind IT outages - Insurance giant American Family Insurance has confirmed it suffered a cyberattack and shut down portions of its IT systems after customers reported website outages all week. American Family Insurance is an insurance company focusing on commercial and ...
1 year ago Bleepingcomputer.com
FCC orders telecom carriers to report PII data breaches within 30 days - Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements. FCC's final rule follows several ...
1 year ago Bleepingcomputer.com
Mortgage firm loanDepot cyberattack impacts IT systems, payment portal - U.S. mortgage lender loanDepot has suffered a cyberattack that caused the company to take IT systems offline, preventing online payments against loans. LoanDepot is one of the largest nonbank retail mortgage lenders in the USA, employing ...
1 year ago Bleepingcomputer.com
Samsung hit by new data breach impacting UK store customers - Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an unauthorized individual. The company says that the cyberattack impacted only customers who made purchases from the Samsung UK online ...
1 year ago Bleepingcomputer.com LAPSUS$
Identity Crisis: 14 Million Individuals at Risk After Mortgage Lender's Data Breach - Mr Cooper, the private mortgage lender, has now admitted almost 14.7 million individuals' private data has been stolen in a previous IT security breach, which resulted in the theft of their addresses and bank account numbers, but it is estimated the ...
1 year ago Cysecurity.news Meow
Exposed Hugging Face APIs Opened AI Models to Cyberattacks - Security flaws found in both Hugging Face and GitHub repositories exposed almost 1,700 API tokens, opening up AI developers to supply chain and other attacks and putting a brighter spotlight on the need to ensure that security keeps up with the ...
1 year ago Securityboulevard.com
Meta AI Models Cracked Open With Exposed API Tokens - Researchers recently were able to get full read and write access to Meta's Bloom, Meta-Llama, and Pythia large language model repositories in a troubling demonstration of the supply chain risks to organizations using these repositories to integrate ...
1 year ago Darkreading.com
AI platform Hugging Face says hackers stole auth tokens from Spaces - AI platform Hugging Face says that its Spaces platform was breached, allowing hackers to access authentication secrets for its members. Hugging Face Spaces is a repository of AI apps created and submitted by the community's users, allowing other ...
10 months ago Bleepingcomputer.com
Exposed Hugging Face API tokens jeopardized GenAI models - Lasso Security researchers discovered 1,681 Hugging Face API tokens exposed in code repositories, which left vendors such as Google, Meta, Microsoft and VMware open to potential supply chain attacks. In a blog post published Monday, Lasso Security ...
1 year ago Techtarget.com
CVE-2021-0263 - A Data Processing vulnerability in the Multi-Service process (multi-svcs) on the FPC of Juniper Networks Junos OS on the PTX Series routers may lead to the process becoming unresponsive, ultimately affecting traffic forwarding, allowing an attacker ...
3 years ago
CVE-2020-1679 - On Juniper Networks PTX and QFX Series devices with packet sampling configured using tunnel-observation mpls-over-udp, sampling of a malformed packet can cause the Kernel Routing Table (KRT) queue to become stuck. KRT is the module within the Routing ...
2 years ago
Cloudflare Dashboard and APIs down after data center power outage - An ongoing Cloudflare outage has taken down many of its products, including the company's dashboard and related application programming interfaces customers use to manage and read service configurations. The complete list of services whose ...
1 year ago Bleepingcomputer.com
JD Sports Data Breach: 10 Million Customers Affected - UK sports apparel chain JD Sports is warning customers of a data breach after a server was hacked that contained online order information for 10 million customers. In data breach notices shared by affected customers, the company warns that the Attack ...
2 years ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)