ross.kelly@futurenet.com (Ross@Latest from ITPro in News
//
Marks & Spencer (M&S), a major British retailer, has confirmed that it is currently managing a cybersecurity incident. This confirmation follows several days of reported service disruptions affecting store operations and customer experiences. The company issued a statement acknowledging the incident and apologized to customers for any inconvenience caused. M&S has implemented operational changes to protect the business and its customers during this time.
Customer impact includes disruptions to contactless payments, online orders, and the Click & Collect service. Some customers reported issues as far back as Saturday through social media platform X, ranging from returns being unavailable to Click & Collect orders being delayed or unavailable. While M&S stated that stores remain open, the website and app are operating normally, and contactless payments are working again, the company is working hard to resolve the remaining technical issues. M&S claims it serves 32 million customers every year.
In response to the cyber incident, Marks & Spencer has engaged external cybersecurity experts to investigate the matter and strengthen its network security. The company has also notified the Information Commissioner's Office (ICO) and the National Cyber Security Centre (NCSC). While the exact nature of the cyberattack and the extent of any potential data breach have not been fully disclosed, M&S has assured customers that it is taking the situation seriously and will provide updates as appropriate. Customer trust is incredibly important to the company and if the situation changes an update will be provided as appropriate.
References :
- CyberInsider: Marks & Spencer (M&S) has confirmed it is responding to a cybersecurity incident that has caused disruptions across its UK retail operations, including outages in payment systems and delays in store services such as order pick-ups and click-and-collect.
- techcrunch.com: The company said it was necessary to make operational changes to protect the business.
- www.itpro.com: Retail giant Marks & Spencer (M&S) has revealed it has been dealing with a “cyber incident†in recent days and apologized to customers amid disruption complaints.
- The Register - Security: Retailer tight-lipped on details as digital hiccup disrupts customer orders UK high street mainstay Marks & Spencer told the London Stock Exchange this afternoon it has been managing a "cyber incident" for "the past few days."…
- cyberinsider.com: Marks & Spencer (M&S) has confirmed it is responding to a cybersecurity incident that has caused disruptions across its UK retail operations, including outages in payment systems and delays in store services such as order pick-ups and click-and-collect.
- Zack Whittaker: New, by me: Marks & Spencer has confirmed a cyber incident, as customers report disruption and outages. The U.K.-headquartered retail giant said it made operational changes to "protect" the business, and has notified data protection authorities.
- The DefendOps Diaries: The Defend Ops Diaries article on Marks & Spencer Cyberattack: A Wake-Up Call for Retail Cybersecurity
- securityaffairs.com: Marks & Spencer (M&S) is managing a cyber incident
- techcrunch.com: TechCrunch article on Marks & Spencer confirms cybersecurity incident amid ongoing disruption
- BleepingComputer: Marks & Spencer confirms a cyberattack as customers face delayed orders
- ComputerWeekly.com: Cyber attack downs systems at Marks & Spencer
- www.cybersecurity-insiders.com: Mark & Spencer hit by Cyber Attack on Easter
- hackread.com: M&S Cyberattack Disrupts Contactless Payments and Click & Collect Services
- www.scworld.com: Marks & Spencer disrupted by cyberattack
- thecyberexpress.com: UK retail giant Marks & Spencer has confirmed it is managing a cybersecurity incident, following several days of service disruption that affected store operations and customer experiences.
- Tech Monitor: Marks & Spencer hit by cyberattack, services disrupted
- The Record: In a statement filed to London’s stock exchange on Tuesday afternoon, retailer Marks & Spencer said it made “some minor, temporary changes to our store operations†as soon as it became aware of the incident.
- bsky.app: Marks & Spencer (M&S) has disclosed that it is responding to a cyberattack over the past few days that has impacted operations, including its Click and Collect service. https://www.bleepingcomputer.com/news/security/marks-spencer-confirms-a-cyberattack-as-customers-face-delayed-orders/
- hackread.com: Marks & Spencer (M&S) cyberattack disrupts contactless payments and Click & Collect; investigation launched as retailer apologises and…
- techinformed.com: TechInformed report on M&S cyber attack impacting click and collect.
- www.cybersecurity-insiders.com: Mark & Spencer hit by Cyber Attack on Easter
- TechInformed: M&S cyber attack impacts click and collect and contactless payments
- The Register - Security: M&S takes systems offline as 'cyber incident' lingers
- ComputerWeekly.com: M&S systems remain offline days after cyber incident
- BleepingComputer: Marks & Spencer pauses online orders after cyberattack
- The Register - Security: M&S suspends all online orders as 'cyber incident' issues worsen
- bsky.app: M&S stops online orders following cyber attack. Fall-out from this cyber attack is getting worse not better 4 days after customers were alerted to an attack.
- ComputerWeekly.com: M&S systems remain offline days after cyber incident
- www.itpro.com: M&S suspends online sales as 'cyber incident' continues
- cyberinsider.com: Marks & Spencer Suspends Online Orders Amid Ongoing Cyber Incident
- The DefendOps Diaries: Marks & Spencer Cyberattack: Operational Disruptions and Strategic Responses
- CyberInsider: Marks & Spencer Suspends Online Orders Amid Ongoing Cyber Incident
- bsky.app: Marks & Spencer has paused online orders for customers.
- go.theregister.com: One step forward and one step back as earlier hopes of progress dashed by latest update Marks & Spencer has paused online orders for customers via its website and app as the UK retailer continues to wrestle with an ongoing "cyber incident."
- research.checkpoint.com: British retailer Marks & Spencer (M&S) experienced a cyber-attack that caused disruptions to its online order system and in-store contactless payments.
Classification:
- HashTags: #cyberattack #DataBreach #retail
- Company: Marks & Spencer
- Target: Marks & Spencer
- Product: Retail Services
- Feature: Service Disruption
- Type: Hack
- Severity: Medium
Dissent@DataBreaches.Net
//
Recent data breaches have affected multiple organizations, exposing sensitive information and highlighting the importance of robust security measures. SOCRadar's Dark Web Team has uncovered several significant threats, including a breach at AUTOSUR, a French vehicle inspection company, where approximately 10.7 million customer records were leaked. The exposed data includes customer names, emails, phone numbers, hashed passwords, home addresses, vehicle information, and license plate numbers. This breach poses significant risks such as identity theft, phishing attacks, and financial fraud.
Unauthorized access to shipping portals associated with Lenovo and HP has also been detected, targeting shipment tracking activities in India. This breach could expose sensitive supply chain information. Furthermore, cybercriminals are actively exploiting the gaming and entertainment sectors, utilizing tools such as a Disney+ credential checker and exploiting a leaked FiveM database. A massive dataset of crypto and forex leads is also up for sale, creating risks of fraud and financial scams. Additionally, Cardiovascular Consultants Ltd. (CVC) in Arizona experienced a ransomware attack, impacting 484,000 patients, with data later appearing on a clear net IP address associated with “WikiLeaksV2." The breach at Sunflower and CCA impacted 220,968 individuals according to a filing with the Maine Attorney General's Office.
References :
- socradar.io: AUTOSUR Breach, FiveM Database Leak, Disney+ Account Checker, Crypto Leads & Forex Scams Exposed
- www.cysecurity.news: Sunflower and CCA Suffer Data Breaches, Exposing Hundreds of Thousands of Records
- Security - Troy Hunt: Inside the "3 Billion People" National Public Data Breach
- securityaffairs.com: California Cryobank, the largest US sperm bank, disclosed a data breach
- MSSP feed for Latest: Data Breach Hits California Cryobank
- infosec.exchange: Okay, this is not good: "Executive Summary On 21 March 2025, CloudSEK’s XVigil discovered a threat actor, "rose87168," selling 6M records exfiltrated from SSO and LDAP of Oracle Cloud. The data includes JKS files, encrypted SSO passwords, key files, and enterprise manager JPS keys."
- research.kudelskisecurity.com: Oracle Cloud SSO, LDAP Records Dumped, 140k+ Tenants Affected
Classification:
|
|
FlagThis - #dataprotection
