M&S online customers are being informed today that the compromised data could include their names, home and email addresses, and phone numbers, but not “useable payment or card details, which we do not hold on our systems, and it does not include any account passwords,” the company stated. “There is no evidence that this data has been shared,” added the M&S statement, which told customers there was no need for them to take any additional actions, although they will be asked to reset their passwords the next time they log in. British retailer Marks and Spencer (M&S) announced on Tuesday that it was writing to customers to confirm their personal data had been compromised in a recent cyberattack. It comes as shelves at fellow British retail group the Co-op are running increasingly depleted following another cyberattack detected shortly after the M&S incident. While all three incidents have been claimed by the DragonForce ransomware group, such groups are known to make false claims and there has been no independent confirmation of the nature of the attacks. The NCSC, a part of cyber and signals intelligence agency GCHQ, said: “Whilst we have insights, we are not yet in a position to say if these attacks are linked, if this is a concerted campaign by a single actor or whether there is no link between them at all. It follows the company announcing in April that it had been managing a cyber incident that was causing disruption to its operations.
This Cyber News was published on therecord.media. Publication date: Tue, 13 May 2025 11:54:58 +0000