Marks & Spencer Hit by Major Cyberattack Linked to Ransomware Group
Nearly a week ago, British retail giant Marks & Spencer (M&S) suffered a significant cyberattack that plunged the company into operational chaos. The attack, believed to have been orchestrated by the notorious cybercriminal group DragonForce, reportedly involved a powerful ransomware variant that crippled M&S’s IT systems and could leave lasting damage.
Ongoing Disruptions for Customers and Staff
Since the incident, M&S’s IT teams have been working tirelessly to restore operations. Despite their efforts, customers continue to report disruptions, especially with online services and website functionality. Internally, the retailer’s networks were severely impacted, affecting both employee workflows and customer-facing platforms.
DragonForce’s Modus Operandi
DragonForce is well-known in cybersecurity circles for its “double extortion” tactics. This method involves breaching a company’s network, stealing sensitive data, and then encrypting it—rendering systems unusable until a ransom is paid, typically in untraceable cryptocurrency. Even when victims comply, there's no guarantee the stolen data won’t be leaked or sold on the dark web.
Marks & Spencer Remains Silent
To date, M&S has not officially confirmed DragonForce’s involvement or disclosed details about the extent of the breach. The company has opted for a quiet response, focusing on internal recovery and delaying public disclosure. This silence has led to public speculation and concern over how deeply the attackers may have penetrated M&S’s infrastructure.
Complicating matters further, some reports suggest another group—Scattered Spider—may also be behind the attack. This hacking collective, allegedly composed of English-speaking teenagers as young as 16, is known for targeting large corporations. The Metropolitan Police, in coordination with the UK’s National Cyber Security Centre (NCSC), is actively investigating.
Wider Implications of the Breach
High-profile cyberattacks like this don’t just disrupt operations—they also threaten brand reputation and consumer trust. For a company like M&S, known for its longstanding customer relationships, such an incident risks undermining years of credibility.
Law enforcement agencies, including the FBI and Europol, consistently warn against paying ransoms. Doing so not only fuels cybercrime but also fails to guarantee resolution. In some cases, companies that pay are attacked again, having marked themselves as vulnerable targets.
The Long Shadow of Data Theft
Beyond system outages, the real threat lies in data theft. If customer or employee data stolen during the attack is sold online, victims could be exposed to identity theft, fraud, and phishing schemes. For M&S, the risk of sensitive customer information appearing on the dark web is a serious long-term concern, with potential fallout lasting months or even years.
As investigations continue, both consumers and cybersecurity experts await more information, hoping that M&S will soon address the breach and reinforce its digital defenses.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
