Marks and Spencer (M&S) suffered a cyberattack in April, where hackers—linked to the cybercrime groups **Scattered Spider** and **DragonForce**—accessed customer data. While no usable payment card details or passwords were stolen, compromised information includes **basic contact details, dates of birth, online order histories, and customer reference numbers** for M&S credit card or Sparks Pay holders. The attack disrupted online purchases and impacted store inventories. Customers were advised to reset passwords and remain vigilant against phishing and fraudulent communications exploiting the stolen personal data. The UK’s National Cyber Security Centre (NCSC) confirmed involvement, warning of potential follow-up social engineering attacks. Though financial data was masked, the breach poses risks of identity fraud and targeted scams.
Source: https://www.cybersecuritydive.com/news/ms-hackers-customer-data-cyberattack/747956/
TPRM report: https://www.rankiteo.com/company/marks-and-spencer
"id": "mar28102028112725",
"linkid": "marks-and-spencer",
"type": "Cyber Attack",
"date": "4/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'retail',
'location': 'United Kingdom',
'name': 'Marks and Spencer Group',
'size': 'large',
'type': 'retailer'},
{'industry': 'luxury retail',
'location': 'United Kingdom',
'name': 'Harrods',
'size': 'large',
'type': 'retailer'},
{'industry': 'supermarket',
'location': 'United Kingdom',
'name': 'Co-op',
'size': 'large',
'type': 'retailer'}],
'customer_advisories': ['password reset prompts',
'warnings about phishing/social engineering risks',
'guidance on online safety'],
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'moderate to high (PII, order history, '
'but no usable payment data)',
'type_of_data_compromised': ['personal identifiable '
'information (PII)',
'order history',
'masked payment data',
'customer reference numbers']},
'date_detected': '2024-04',
'date_publicly_disclosed': '2024-05-28',
'description': 'Marks and Spencer Group notified customers that hackers '
'accessed some of their data in an April cyberattack. The '
'stolen information includes basic contact details, dates of '
'birth, online order histories, and masked payment information '
'(unusable). Customers are prompted to reset passwords. The '
'attack disrupted online purchases and impacted store '
'inventories. The cybercrime group Scattered Spider is linked '
'to the attack, though DragonForce claimed credit.',
'impact': {'brand_reputation_impact': 'potential reputational damage due to '
'customer data exposure',
'data_compromised': ['basic contact details',
'dates of birth',
'online order histories',
'masked payment information',
'customer reference numbers (M&S credit '
'card/Sparks Pay holders)'],
'identity_theft_risk': 'high (due to personal details exposed)',
'operational_impact': 'disrupted online purchases and store '
'inventories',
'payment_information_risk': 'low (payment data masked and '
'unusable)',
'systems_affected': ['online purchase systems',
'store inventory systems']},
'initial_access_broker': {'high_value_targets': ['customer databases',
'online purchase systems']},
'investigation_status': 'ongoing (NCSC assisting with investigation)',
'ransomware': {'data_exfiltration': True},
'recommendations': ['customers advised to reset passwords',
'vigilance against phishing/social engineering attacks',
'NCSC guidance for mitigating future ransomware attacks'],
'references': [{'date_accessed': '2024-05-28',
'source': 'Marks and Spencer Trading Update (CEO Stuart '
'Machin)'},
{'date_accessed': '2024-05',
'source': 'U.K. National Cyber Security Centre (NCSC) '
'Statement'},
{'date_accessed': '2024-05',
'source': 'NCC Group (Matt Hull, Head of Threat '
'Intelligence)'}],
'regulatory_compliance': {'regulatory_notifications': ['U.K. National Cyber '
'Security Centre '
'(NCSC) involved']},
'response': {'communication_strategy': ['trading update from CEO Stuart '
'Machin',
'customer note from Operations '
'Director Jayne Wall',
'FAQ page for affected customers'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'remediation_measures': ['password reset prompts for customers',
'customer advisories on online safety'],
'third_party_assistance': ['U.K. National Cyber Security Centre '
'(NCSC)']},
'stakeholder_advisories': ['customer notifications',
'FAQ page for affected customers'],
'threat_actor': ['Scattered Spider', 'DragonForce'],
'title': 'Marks and Spencer Data Breach (April 2024)',
'type': ['data breach', 'cyberattack']}