UK retailer Marks & Spencer (M&S) announced a cyberattack during the Easter holiday that led to the theft of customer data and the suspension of online shopping. The attack was claimed by the DragonForce ransomware group, which also targeted other major retailers.
Affected: M&S customers and online shopping system
Affected: M&S customers and online shopping system
Keypoints
- The cyberattack on M&S resulted in the theft of personal customer information, including names, addresses, contact details, and online order history.
- The incident led to the temporary suspension of online purchases on the M&S website.
- The DragonForce ransomware group claimed responsibility for the attack, which also targeted Co-op and Harrods.
- Compromised data does not include full payment or card details, as M&S does not store complete payment information.
- M&S has reset customer passwords and advised users to choose new passwords upon next login.
- Customers are warned to be vigilant against fraudulent emails, calls, or texts impersonating M&S, as stolen data may be sold on the dark web for scams.
- Authorities and cybersecurity experts recommend heightened caution to prevent social engineering attacks following such data breaches.
Read More: https://www.securityweek.com/marks-spencer-says-data-stolen-in-ransomware-attack/