British retailer Marks & Spencer resumed their online orders 10 June after suspending website purchases 22 April following a devastating cyber attack from ransomware group, DragonForce.
M&S later revealed 13 May that customer data including telephone numbers, dates of birth, and home addresses was stolen in the attack, after previously denying that any customer data had been leaked. M&S estimated that this attack will cost them £300 million ($405,147,000) this year.
According to BBC, only fashion items would be immediately available, to Scotland, England, and Wales. The retailer said that beauty and hardware products would return in the coming days and delivery to Northern Ireland would be returned within weeks.
Marks and Spencer Not Alone in Suffering Cyber Attacks
Numerous retailers have suffered cyber attacks this year. Along with Marks & Spencer, Co-op and Harrod's were also targeted by the cybercriminal group DragonForce in late April and early May, according to InfoSecurity Magazine.
Members of DragonForce told the BBC that Co-op had downplayed how serious the breach was. They claimed to have private information of 20 million Co-op members, although Co-op did not confirm this number. Information allegedly included membership card numbers, home addresses, emails, phone numbers, and names. The hacking group sent a sample of 10,000 members' data to the BBC as proof.
Co-op released an FAQ page for members to follow in wake of the incident and issued a release about the restock of their items on the weekend of 16 May.
'Across all our businesses, our teams are working hard to ensure we continue to provide the service that you expect from our Coop,' Co-op CEO Shirine Khoury-Haq wrote in the release. 'We apologise in advance for any delays in our current service while we make sure that we bring the organisation back to normal as quickly, and as safely, as possible.'
Harrod's Department store was also targeted by an attack, but prevented any data from being leaked. The company shut down internet access in its stores in early May.
Who is Behind These Attacks?
According to InfoSecurity Magazine, DragonForce is allegedly based in Malaysia and has been active since 2023. They've targeted many companies in the Asia-Pacific region and US.
Another group, Scattered Spider, often teams up with DragonForce during these activities, too. Scattered Spider is primarily English speakers, with some members in the US and the UK. According to the Guardian, one way that this group gains access to company information is by calling help desks, posing as customers and resetting their passwords. They then upload RansomWare into the company's systems, which lock them up, and demand financial compensation to reopen the technology.
