M&S hackers spent '52 hours ransacking retailer's data'

Hackers went undetected in Marks and Spencer's systems for up to 52 hours before the devastating cyber attack was finally uncovered, insiders have revealed.

Believed to have been from the Scattered Spider group, the strategic attackers allegedly utilised a contractor to access the retailer's advanced IT systems.

Now, three weeks on, the crisis continues to plague the British High Street staple, with staff working for up to 24 hours a day and enduring 'sleepless nights' to fix it.

Speaking to The Times, a source said the fatal attack, which has since led to the company shedding £1billion worth of value on the stock exchange, was caused by a 'human error' that led to a 'colossal mistake'.

With hackers having worked undetected for more than two days, crisis teams battled tirelessly to protect the beloved British store, frequented by up to 9.4million active customers, throughout the five-day 'attack phase'.

The retailer admitted that criminals were able to obtain 'masked' payment card details used for online purchases, typically a card's last four digits. Other data possibly stolen could include a name, email address, postal address, telephone number, date of birth, online order history and household information.

While it is unknown how many shoppers have been affected by the attack, several customers have reported an 'exponential' increase in the number of scam messages and emails received, pretending to be M&S.

In a previous letter addressed to customers, M&S operations director Jayne Wall urged people to be cautious and avoid giving out any personal details to unknown callers.

She wrote: 'Unfortunately, the nature of the incident means that some personal customer data has been taken, but there is no evidence that it has been shared.

'The personal data could include contact details, date of birth and online order history. However, importantly, the data does not include useable card or payment details, and it also does not include any account passwords.'

Ms Wall added: 'You do not need to take any action, but you might receive emails, calls or texts claiming to be from M&S when they are not, so do be cautious.

'Remember that we will never contact you and ask you to provide us with personal account information, like usernames, and we will never ask you to give us your password.'

While customer data has not yet appeared on leak sites, experts have not ruled out that it could be a possibility, with Rafe Pilling, director of intelligence at Sophos, an IT security company, stressing that hackers could be 'leveraging data' from the breach.

Comprising predominantly British and American online hackers, the Scattered Spider group are believed to have been responsible due to the attack's pattern, alongside their use of DragonForce software to help the hackers break into the shop's system.

The devastating attack comes as M&S await their annual financial results announcement on May 21.

A world away from the overwhelming success of their previous financial year, where they made a profit of £840million, M&S chief executive Stuart Machin, alongside chairman Archie Norman, are both set to face an abundance of questions about the company's preparation for the attack.

Indeed, Dan Coatsworth, investment analyst at AJ Bell, warned that 2025 'is going down in history as one of the retailer's worst ever years'.

Speaking to MailOnline, he added: 'M&S has a duty to inform customers as soon as possible if their personal information has been illegally accessed, so it's worrying that the retailer took so long to go public.'

While M&S shareholder Danny Wallace told The Times he felt 'disappointed' for the two businessmen, he accepted that 'somebody has to have the blame'.

Meanwhile, Alan Woodward, University of Surrey cyber security professor, said that he believed the fact the store has still failed to reinstate their online sales, with customers having been unable to place any orders through the website or app since April 25, 'suggests they were a little less prepared than maybe they should have been'.

Describing the attack as 'embarrassing', retail expert Richard Hyman believed that the retailer, which first opened for business in 1884, would no doubt 'survive' the financial implications of the attack, alongside any damage caused to its reputation.

On May 2, the Information Commissioner's Office said it was also looking into the attack, as well as a similar major incident involving M&S' competitor, the Co-op.

The business was forced to issue an apology to customers after hackers accessed and extracted members' personal data, such as names and contact details, with it continuing to suffer availability problems as a result of the attack.

While stock is expected to return to Co-op stores this weekend, it is understood that it quickly pulled the plug on its computer system not long after receiving advice from M&S.

The National Crime Agency said: 'We are working closely with our law enforcement partners to investigate. We are considering the incidents individually. However, we are mindful they may be linked and therefore this will remain under review.'