Home > Security > Security News

Marks & Spencer Breach Exposes Customer Data Due to Third Party, DragonForce Claims Attack

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity & Streaming Writer
Marks & Spencer Cyberattack

Marks and Spencer (M&S), a prominent British retailer, has confirmed that personal customer information was compromised following a sophisticated ransomware attack that began in April and exploited vulnerabilities through a third-party supplier with access to M&S systems.

The company acknowledged that limited customer details were extracted, but payment details or account passwords were not exposed. M&S stated there is currently no evidence indicating that the stolen data has been shared.

The breach was attributed to a group identifying as DragonForce and is believed to be stemming from a third-party provider with privileged access to the company’s systems.

M&S confirmed that stolen data could include names, dates of birth, contact details, household information, and order histories. Importantly, the company asserts that payment card details and passwords were not compromised due to robust data segmentation practices.

DragonForce breach forum post announcement in 2024
DragonForce breach forum post announcement in 2024 | Source: The Cyber Express by Cyble

This security incident forced the company to halt online orders for over three weeks and caused widespread operational disruption, including significant inventory shortages in stores after key food-related systems were taken offline.

The attack has caused significant operational and financial disruptions, leading to a notable 15% drop in the company's share price since the Easter weekend. 

Analysts estimate a profit hit of at least £30 million (approximately $39.5 million), with a run rate at approximately £15 million (about $20 million) weekly, though much of this could be covered by cyber insurance to a limited extent.

M&S has implemented enhanced security measures to prevent further vulnerabilities and reassured customers that no immediate action is required on their part. Meanwhile, the retailer’s 1,000 stores remain open.

In April, DragonForce announced the takeover of the infamous RansomHub ransomware, which is to be incorporated into its infrastructure.

Add a Comment
Related
volkswagen
Volkswagen’s Connected Car App Flaws Allow Brute Force Attacks, Expose Owner PII
ELPACO-Team Ransomware Targets Confluence Servers Through Flaw CVE-2023-22527
Hacker Explores Kitsap Mental Health Services Systems and then Steals Data Next Month
14 Months in Prison for Securities and Exchange Commission Account Takeover and Identity Theft
The Cyber Attack on BSH Claimed by El Dorado Last Year Exposed Broadcom’s Employee Data
Army Soldier Took Photos of Undressing Children in His Home, Generated Porn and Used Encrypted Tools to Surf Child Porn
Most Popular
Materialists
Materialists: All About the Dating Market film Starring Dakota Johnson, Pedro Pascal, and Chris Evans
volkswagen
Volkswagen’s Connected Car App Flaws Allow Brute Force Attacks, Expose Owner PII
Joel and Ellie in The Last of Us Season 2 and Dina, Ellie, and JJ in The Last of Us Part 2 game
The Last of Us Season 2: How one line from Joel Foreshadows Ellie’s Failure as a Parent in Season 3
ELPACO-Team Ransomware Targets Confluence Servers Through Flaw CVE-2023-22527
The Last of Us Season 2 Episode 6 Ending Explained: What Secret was Joel Hiding from Ellie?
Hacker Explores Kitsap Mental Health Services Systems and then Steals Data Next Month
Materialists: All About the Dating Market film Starring Dakota Johnson, Pedro Pascal, and Chris Evans
Volkswagen’s Connected Car App Flaws Allow Brute Force Attacks, Expose Owner PII
The Last of Us Season 2: How one line from Joel Foreshadows Ellie’s Failure as a Parent in Season 3
ELPACO-Team Ransomware Targets Confluence Servers Through Flaw CVE-2023-22527
The Last of Us Season 2 Episode 6 Ending Explained: What Secret was Joel Hiding from Ellie?
Hacker Explores Kitsap Mental Health Services Systems and then Steals Data Next Month

Most Popular
Materialists
Materialists: All About the Dating Market film Starring Dakota Johnson, Pedro Pascal, and Chris Evans
volkswagen
Volkswagen’s Connected Car App Flaws Allow Brute Force Attacks, Expose Owner PII
Joel and Ellie in The Last of Us Season 2 and Dina, Ellie, and JJ in The Last of Us Part 2 game
The Last of Us Season 2: How one line from Joel Foreshadows Ellie’s Failure as a Parent in Season 3
ELPACO-Team Ransomware Targets Confluence Servers Through Flaw CVE-2023-22527
The Last of Us Season 2 Episode 6 Ending Explained: What Secret was Joel Hiding from Ellie?
Hacker Explores Kitsap Mental Health Services Systems and then Steals Data Next Month
Materialists: All About the Dating Market film Starring Dakota Johnson, Pedro Pascal, and Chris Evans
Volkswagen’s Connected Car App Flaws Allow Brute Force Attacks, Expose Owner PII
The Last of Us Season 2: How one line from Joel Foreshadows Ellie’s Failure as a Parent in Season 3
ELPACO-Team Ransomware Targets Confluence Servers Through Flaw CVE-2023-22527
The Last of Us Season 2 Episode 6 Ending Explained: What Secret was Joel Hiding from Ellie?
Hacker Explores Kitsap Mental Health Services Systems and then Steals Data Next Month

TechNadu keeps you informed with the latest in cybersecurity, VPNs, streaming, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2025 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: