M&S breach linked to DragonForce hacking group

The cyberattack is costing M&S an estimated £43 million per week in lost sales.
Hackers sent an abusive ransom demand to the M&S CEO using a compromised employee email, confirming the ransomware attack.

Marks & Spencer has confirmed that personal customer data was stolen in a recent cyberattack, including names, contact details, dates of birth, household information, and order histories. The company stressed that no useable payment details or account passwords were compromised.

The breach, which began over the Easter weekend, has disrupted online orders since April 25 and is reportedly costing M&S £43 million per week in lost sales.

Customers are being prompted to reset their passwords, and the retailer has warned users to be cautious of phishing emails or messages pretending to be from M&S.

The attack is linked to the DragonForce cybercrime group, known for double-extortion tactics—stealing and encrypting data while demanding ransom.

While no leaked M&S data has appeared online, experts say the risk of identity fraud remains high.

M&S has contacted website users, reported the breach to authorities, and is working with cybersecurity experts. The company has not disclosed how many of its 9.4 million online customers were affected.

Chief executive Stuart Machin said M&S is working ‘around the clock’ to restore services. Shares in the retailer have dropped 12% over the past month.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!