Marks & Spencer’s Cybersecurity Snafu: Customer Data Encrypted and Exposed!
Marks and Spencer’s cyber drama unfolds as customer data takes an unauthorized vacation. While the hackers encrypted servers using ransomware, M&S reassures customers that no payment details were stolen. However, a password reset awaits anyone logging into the website. Beware of fake “we’re M&S” messages, and let the cyberthreat chuckles commence!
Hot Take:
If M&S were planning on launching a new line of cybersecurity fashion, this could be their debut. “Ransomware Chic”—where your personal data is the latest accessory no one wanted to carry. If only DragonForce ransomware affiliates would stick to breathing fire in their own lairs instead of toasting retail networks. Who knew shopping could be such a dangerous sport?
Key Points:
- M&S suffered a ransomware attack on April 22, 2025, halting online orders and encrypting servers.
- DragonForce ransomware affiliates used Scattered Spider tactics to breach the network.
- Customer data, excluding card details and passwords, was stolen but not shared.
- Customers must reset passwords but should beware of phishing attempts.
- Sparks offers are paused, and M&S is contacting affected customers.
Already a member? Log in here