Keypoints
- The initial breach on April 17th involved social engineering and impersonation tactics.
- Threat actors impersonated an employee to trick a third-party, Tata Consultancy Services, into resetting credentials.
- The DragonForce ransomware, believed to operate from Asia, was used to encrypt systems and steal data.
- M&S took a cautious approach, involving authorities and avoiding direct negotiations with attackers.
- The attack resulted in over 150GB of data possibly being stolen, with signs of ransom negotiations or payments.