Latest news with #DragonForce
Daily Mail
3 days ago
- Business
- Daily Mail
Major supermarket to give shoppers bonus £10 off after cyber attack - but customers aren't happy
Co-op is set to offer its members a discount on its shop after a cyber attack which saw customer data being stolen. The grocery chain said it is offering £10 off a minimum £40 shopping bill after the attack. The one-time offer starts Wednesday and runs for a week and is available to current Co-op members and new sign-ups, but excludes staff. A source at Co-op told the BBC sales have picked up strongly in recent weeks as stock levels have returned to normal. The source added the deal was intended to show that Co-op was 'on the front foot' ahead of the busy summer trading period. But customers are not happy with this offer with one saying: 'This isn't compensation, it's marketing.' Earlier this year, Co-op faced a major cyber attack that disrupted its operations and exposed customer data. In May 2025, hackers broke into the supermarket's IT systems, stealing past and present member information. The criminal group calling itself DragonForce, said it had infiltrated the company's IT network and stolen both customer and employee data in its cyber attack. This incident was part of a wider wave of attacks hitting other UK retailers like Harrods and M&S. Now, the brand is offering this discount in a bid to woo its customers but retail consultant Catherine Shuttleworth said the offer showed that members may have already decided to go elsewhere for their shopping. The brand said if members spend £40 or more in store, they will get £10 off their shop. But Ms Shuttleworth said the £40 minimum spend is too high for Co-op shoppers, who usually spend around £10 to £15. Customers have also echoed this sentiment, with one taking to social media, saying: 'What a joke, a £40 shop at the co-op is basically a £30 shop anywhere else 'Don't think I've ever spent more than £20, there's a reason I only pop in for a few bits that the weekly shop didn't cover 'This isn't compensation, it's marketing.' Another shopper said: 'So that would bring a £30 shop elsewhere down to £35 at the Co-op.' The retail giant initially downplayed the attack by saying it had 'pre-emptively' shut down parts of its IT network after detecting an attempted breach. But the anonymous hackers behind DragonForce contacted the BBC with evidence of databases they had accessed, containing the user names and passwords of all employees, as well as customer membership card numbers, their names, home and email addresses and phone numbers. The BBC said hackers sent the first extortion message to Co-op's head of cyber security in an internal Microsoft Teams chat on April 25. The message read: 'Hello, we exfiltrated the data from your company. We have customer database, and Co-op member card data.' The chain conceded 'personal data such as names and contact details' had been taken from its membership scheme after the devastating scale of the attack was revealed. Cop-Op has been approached for comment.
The Independent
11-06-2025
- Business
- The Independent
Everything we know about the two hacker groups who carried out M&S cyberattack
Marks & Spencer has resumed online orders after a cyberattack that is expected to cost the retailer £300 million in profits this year. The cyberattack, which M&S disclosed on April 22, disrupted online operations and halted contactless payments, potentially compromising customer data. Two hacker groups, DragonForce and Scattered Spider, have been linked to the attack; DragonForce reportedly demanded ransom, while Scattered Spider is known for social engineering tactics. M&S revealed last month that the attack was caused by 'human error'. The National Cyber Crime Unit (NCA) is investigating the cyber incidents affecting the retail sector and encourages businesses to implement effective cybersecurity measures.
The Independent
10-06-2025
- Business
- The Independent
DragonForce and Scattered Spider: Inside the hacker groups linked to M&S cyberattack
Marks & Spencer has finally reopened its online orders, months after a cyber attack which is set to cost the British high street retailer £300 million in profits this year. This comes as a new hacking group has been connected with the incident, after it was revealed the DragonForce group sent M&S CEO Stuart Machin an email days after it faced a major cyberattack gloating about the hack and demanding ransom payment. The email, seen and reported by the BBC, said: 'We have marched the ways from China all the way to the UK and have mercilessly raped your company and encrypted all the servers.' DragonForce aren't the only group that have been connected with the attack on the retailer, as the Scattered Spider network had previously been named as the enactors of the social engineering attack. According to Sergey Shyekevich, a researcher from cybersecurity company Checkpoint, more hacker groups are forming alliances on the dark web. 'Co-operation between two powerful groups is very interesting,' he says. 'It's one outcome we see on the dark web more and more, alliances between big groups.' Here's all we know about the two hacker groups What is DragonForce? DragonForce is a hacker organisation that offers Ransomware to cyber-criminal affiliates for a 20 per cent cut of any ransoms collected. This means that for a fee, they lease out their malware through dark web marketplaces to cyber-criminals. While the organisation originally started working in 2023, they've had a massive re-marketing of their business model in the past couple of months. 'In the last two months, they started to become very active in one of the biggest dark web forums,' says Sergey, who says they have marketed themselves as a 'Ransomware Cartel', cornering that market on the dark web in the past month. 'They started being more aggressive I think a few weeks before all the attacks in the UK,' he adds. Researchers have claimed they operate out of Malaysia, with some disputing this and saying they are located in Russia. As well as the M&S hack, DragonForce has been linked to the Co-op cyberattack. What is Scattered Spider? Scattered Spider is a community of hackers that targets huge organisations across different sectors using social engineering tactics. 'They're very good at social engineering of different types,' Sergey says, adding that in the past they have used SIM swapping and impersonated IT staff to trick people into letting them use their systems. Believed to be a community of young adults across the US and UK, the group gained notoriety for their involvement in hacking and extorting two of the largest casino and gambling companies in the United States. 'They understand human nature and how big corporations work,' says Sergey. 'They're very successful.' In 2023 they were linked to the hacking and extortion of Caesars Entertainment and MGM Resorts International, which led the former to pay a ransom of approximately £11 million ($15 million). They were able to access a significant number of driver's licence numbers and possibly even Social Security numbers of the casino customers through the ransomware demand. A 17-year-old hacker from the United Kingdom was arrested in connection with the hack and attempted ransom in July 2024. How did the cyberattack happen? M&S first disclosed they had experienced a cyberattack on 22 April, which had disrupted their online operations and even halted contactless payments. Hundreds of agency workers at the company were told not to come into work as the retailer dealt with the fallout of the cyberattack. Customer personal data – which could have included names, email addresses, postal addresses and dates of birth – was also taken by hackers in the attack. M&S revealed last month that the attack was caused by 'human error', as Mr Machin said in an annual figures report in May that the hackers gained access to the company's IT systems through a third party. He said at the time: 'We didn't leave the door open, this wasn't anything to do with under-investment. Everyone is vulnerable. For us, we were unlucky on this particular day through some human error.' Responding to attacks on the retail sector, the NCSC put out advice to the industry and responded to speculation that the Scattered Spider group had used social engineering to target IT help desks and perform password and MFA (multi-factor authentication) resets. 'Criminal activity online – including, but not limited to, ransomware and data extortion – is rampant,' their blog post wrote. 'Attacks like this are becoming more and more common. And all organisations, of all sizes, need to be prepared.' Deputy Director Paul Foster, head of the NCA's National Cyber Crime Unit, said: 'Specialist NCA cybercrime officers are working closely with law enforcement partners to investigate the recent cyber incidents affecting the retail sector. Identifying the criminals responsible and bringing them to justice is a top priority. 'We are considering the incidents individually, but have a range of hypotheses and are mindful they may be linked. 'The impact of these incidents has been significant and businesses will understandably be concerned. I'd encourage all organisations to follow advice on the NCSC's website to ensure they have effective cyber security measures in place to help prevent attacks. 'I'd also urge those that do unfortunately fall victim to an attack to engage with law enforcement as part of the reporting process. The NCA and policing will investigate covertly and discreetly, as well as support the recovery of systems and data.' How much money has M&S lost? The fallout from the cyberattack saw the company lose £650 million of value in a matter of days. M&S said it expected to take an estimated £300 million hit to profits this year, as they predicted disruption to its online business to last into July. What has M&S said in response? As M&S reopened its online operations, they put out a statement which said: 'You can now place online orders with standard delivery to England, Scotland and Wales. Delivery to Northern Ireland will resume in the coming weeks. 'We will resume click and collect, next-day delivery, nominated-day delivery and international ordering in the coming weeks.'
Irish Examiner
10-06-2025
- Business
- Irish Examiner
M&S 'working hard' to restore online orders for Irish customers following hack
Marks & Spencer said it is "working hard" to resume online orders for Irish customers following a crippling cyber attack after reopened its website to shoppers in Britain on Tuesday. The retailer was forced to halt internet orders in April amid heavy disruptions caused by the attack. M&S halted orders on its website over the Easter weekend, and was also left with some empty shelves after being targeted by hackers. Customer personal data - which could have included names, email addresses, postal addresses and dates of birth - was also taken by hackers in the attack. A ransomware gang known as DragonForce claimed responsibility for the hack. M&S said on Tuesday a selection of its best-selling fashion ranges and new products for available for home delivery to England, Scotland and Wales. Online shoppers on the island of Ireland face a longer wait, however. "We are working hard to resume online orders for our valued customers in the Republic of Ireland as quickly as we can. Meanwhile, M&S fashion, home and beauty is available to shop in our stores. We are grateful to our customers for their continued support," an M&S spokesperson said. M&S revealed last month that the hack will cost the company around £300m (€354m). M&S chief executive Stuart Machin said on reporting annual figures in May that hackers gained access to the company's IT systems through a third party. Mr Machin said the problems may not be fully resolved until July. "We have to be vigilant and lucky every day — threat actors only have to be lucky once," Mr Machine said. "We didn't leave the door open, this wasn't anything to do with underinvestment. Everyone is vulnerable. For us, we were unlucky on this particular day through some human error." While its 565 stores have been able to remain open and trade throughout, contactless payments were impacted initially - while there was also some stock availability issues as it had to temporarily switch to manual processes following the attack. M&S said that while the incident is likely to drag its group operating profits down this year, it expects this to be reduced through cost management, insurance, and other reactions. The company suggested it could reduce the impact of the attack by as much as "half". Shares in M&S lifted 3% in Tuesday morning trading.
Daily Mirror
10-06-2025
- Business
- Daily Mirror
M&S restarts online orders six weeks after cyber attack—but there's a catch
Marks & Spencer has finally announced that online orders are back up and running following April's cyber attack, meaning shoppers can now shop the new summer collection online - but there's one catch If you've been trying to place an online order with Marks & Spencer recently and found yourself out of luck, you're definitely not alone. M&S has been battling with the fallout from a major cyberattack that hit over the Easter weekend, forcing them to pull the plug on their UK online orders since April 25. But this week brings plenty of good news, as Marks & Spencer has just announced their online orders are back up and running as normal, except for one small caveat. It was revealed that the hack, carried out by a group known as DragonForce (also sometimes called Scattered Spider), exposed customer data like names, addresses, and order histories. Thankfully, card details and passwords stayed safe. Still, it's been a bit of a digital disaster, with even in-store services like contactless payments and click-and-collect being affected. Jayne Wall, operations director for M&S, wrote on the matter a few weeks ago: "To proactively manage the incident, we immediately took steps to protect our systems and engaged leading cyber security experts. We also reported the incident to relevant government authorities and law enforcement, with whom we continue to work closely. Unfortunately, the nature of the incident means that some personal customer data has been taken, but there is no evidence that it has been shared." It's said that the retailer's been losing around £4 million a day in online sales, and while their physical stores are still open, there's been little hope of a confirmed date for when the website will be back in action - until today. M&S has been working closely with cybersecurity experts and has already asked customers to reset their passwords as a precaution. It's clear they have been taking the situation seriously, and now the wait is finally over, as you can return to shopping online at M&S to your heart's content. The small catch? M&S have just warned that due to last month's debacle with online ordering, delivery times are now expected to be longer than Marks & Spencer's shoppers have been used to. It's expected that deliveries may now take up to 10 days. There's been no indication for how long these longer wait times will last, but dedicated M&S lovers will no doubt just be grateful to return to online shopping like old times. So, what have we missed and what is there for you to shop today? Since the cyberattack first started, Marks & Spencer has released its summer wardrobe collection, which is now available to shop online. It is worth noting that since we've all been suffering from M&S online shopping withdrawal, many products have been scooped up at near record speed, meaning there's a lot that's already sold out. But we've found our top five things to shop that are still stocked in most sizes. Check out this Pure Cotton Denim Mini Shift Dress (£35) which comes in two colourways, blue denim or Ecru beige, and sizes 6 to 18 in petite, regular and tall measurements. That said, some size options are sold out, so you'll need to act fast to grab yours before its gone. One shopper who bought this number shared in their 5-star review: "Fits lovely, flattering, 5ft3 and not too short. Great spring to summer dress, maybe a bit thick for full summer." If you're looking for a similar item and don't mind the price tag, or don't want to wait the ten-day delivery time, Nobody's Child has this Blue Denim Ned Pinafore Mini Dress for £69. For other dress options, this Halter Neck Mini Beach Dress (£59) is a hit with shoppers as it's touted as a popular item. Still available in sizes 10 to 18, this piece is selling like hot cakes, so you'll want to hurry. Marks & Spencer is offering this 360 Tummy Control Plunge Swimsuit (£35) to cover all of your summer and holiday needs. Also named a popular piece, this swimsuit is available in a range of colours and sizes to ensure the best fit on all body types, making it a must-have for your summer holiday abroad. A trending pick for summer 2025, shoppers can't go wrong with a solid pair of linen trousers. These Pure Linen Palazzo Trousers (£45) are loved by online and in-store shoppers alike, as well as celebrities, and they're selling like hotcakes, so you'll need to be quick to secure yours before it's gone. If your size has already sold out, Boden is offering these Islington Linen Trousers for £98. Finally, these Leather Buckle Flatform Sandals (£49.50) are set to be your new go-to shoe for the spring and summer months. With a simple and versatile design, they are perfect for everything from walking around a new city to spending days on the beach.
