M&S Hacked! Your Data's at Risk: What You Need To Know!
May 17, 2025
Breaking! M&S hit by a **cyber attack**! We reveal stolen customer data including contact details and order histories. Our cyber correspondent explains the ransomware tactics and M&S's difficult choices. Stay vigilant against secondary attacks!
0:01
An update now on that cyber attack that
0:03
hit Marks and Spencer three weeks ago. The
0:06
firm's revealed some personal customer
0:08
data was stolen in the attack. The
0:10
retailer said the information taken
0:12
could also include contact details, date
0:15
of birth, and online order histories,
0:17
but it added the theft didn't include
0:19
usable payment or card details or any
0:22
passwords. M&S is still struggling to
0:24
get services back to normal with online
0:26
orders still suspended. Our cyber
0:28
correspondent Joe Tidy is with me in the
0:31
studio. Joe, just what else has emerged
0:34
about this? Well, I'm afraid, yeah, this
0:35
was a bit inevitable because we know
0:37
that the way that these ransomware
0:38
groups work is they get into a company's
0:40
system, they quite often, nearly always
0:43
now, do something called double
0:44
extortion, which means they first of all
0:46
steal a copy of whatever data they can
0:48
get and then they scramble the victim's
0:50
data. So in this instance, as we
0:52
expected, they took a load of data
0:54
before they scrambled M&S's systems. So
0:56
what we've seen the last three weeks is
0:57
the chaos of what happens when you
0:59
scramble the data. M&S now obviously no
1:01
online orders for a long time, empty
1:03
shelves in some stores, that kind of
1:05
thing. But behind the scenes, we can now
1:07
obviously know, we can reveal because
1:08
M&S have told us that they have had this
1:10
situation where the hackers have said
1:12
we've got X amount of data from
1:14
customers. So they've now got two
1:16
bargaining chips. They say, give us the
1:17
ransom that we want, often in Bitcoin.
1:20
So they'll say I don't know a few
1:21
million for example for something as big
1:22
as M&S and we'll give you the key to
1:24
unlock the data to get your systems back
1:26
and up and running and we'll we won't
1:28
sell it on all the data that we've
1:29
stolen to other criminals. So now we
1:31
know that there is this massive
1:33
bargaining chip that the hackers are
1:34
hanging over M&S as you say names of
1:37
customers, date of birth, telephone
1:38
number, home address, household
1:40
information. I don't know what that
1:41
means. Household information. Um what
1:43
else could there be apart from home
1:45
address? Uh email address and order
1:47
history. And it's that last one, the
1:49
order history that would worry me the
1:50
most as a as an M&S customer because all
1:52
the other information, yes, you don't
1:54
want that in the hands of cyber
1:55
criminals. They can use that to build a
1:57
profile on you to identity identity
1:59
theft, but it's the order history. So
2:02
now they've got a really good potential
2:04
secondary attack where they can go to
2:06
customers possibly at scale and say, "We
2:09
know your order history. We are M&S.
2:11
Please give us some more details." They
2:13
can carry out more attacks using
2:14
impersonation in order to gain more
2:16
details. So, what can M&S do about it
2:19
and what can customers do about it?
2:21
Well, M&S has a very simple choice. Do
2:24
they pay the hackers or not? At the
2:25
moment, the hackers have all the power.
2:27
They've got all this data that they can
2:28
potentially sell or give away. Usually,
2:30
they give it away. They've got a darknet
2:32
website that they use in order to
2:34
publicize the data theft to other
2:36
hackers, other cyber criminals. I've
2:38
been on that this morning, been
2:39
refreshing it twice a day for the last
2:41
two weeks, waiting to see whether or not
2:42
they would post about M&S. There's still
2:44
nothing on there at the moment, but I
2:45
imagine now that M&S has done this, the
2:47
hackers will start boasting about their
2:49
hack publicly and we'll see this public
2:51
extortion. So M&S can either pay the
2:53
hackers to get this pinky promise that
2:55
they'll delete the data, which doesn't
2:57
always happen, or they can deal with the
3:00
consequences of potentially, you know,
3:01
millions of people's data out there. For
3:03
customers, the advice is be extra
3:06
vigilant, always the the same, isn't it?
3:08
Um, but it's waiting for those emails
3:10
and those potential phone calls from
3:12
secondary hackers pretending to be M&S.
3:15
That's where you want to watch out for.
3:17
That's the worry. There's no bank
3:19
details stolen, M&S is saying. So,
3:20
there's no way that we're going to see
3:22
banks being emptied by these hackers,
3:24
but it's the secondary attacks that are
3:25
potentially concerning. Also, the advice
3:27
from M&S is to change passwords to your
3:29
online accounts for M&S as well. How
3:32
worried must other big companies be by
3:35
something like this? Well, these are
3:37
happening all the time. These ransomware
3:38
attacks are every single day there's
3:41
companies around the world being hit.
3:42
But what's unique about this situation
3:44
is you've got a high street brand been
3:47
hit in such a way that we are seeing the
3:49
the ramifications in front of us. I
3:52
spent a long day reporting uh last week
3:54
and getting the train home and there was
3:56
no nothing on the shelves for a snack
3:57
for me late night in M&S. So, sort of
3:59
like you're seeing the the the
4:01
consequences of these hacks which often
4:02
you don't see. Um, but the other thing,
4:05
of course, is that these hackers are
4:07
going for other retailers at the same
4:08
time. So, we know that they've attacked
4:10
Co-op. I spoke to the hackers who said
4:12
they've done Co-op, Harrods, and M&S,
4:15
and they are they're boasting about, you
4:17
know, putting UK retail on on on a hit
4:19
list, as they're calling it. I don't
4:21
think we're there. I think they're
4:22
boasting about how powerful they can be.
4:24
I think they perhaps got lucky and got
4:25
M&S and Co-op and we don't even know
4:27
what happened at Harrods. It might have
4:28
been a, you know, a false alarm there.
4:29
But certainly it is a very concerning
4:31
time not just for UK retailers but for
4:33
all organizations because as I say these
4:35
hacks happening all the time. I went
4:36
went on the DragonForce website this
4:37
morning and it's like a graveyard. You
4:39
know, there are dozens and dozens of
4:40
other organizations in exactly the same
4:42
position that haven't paid the ransom
4:44
and now the data is up there for anyone
4:46
to