Breaking
July 9, 2025

M&S thinks it might finally know what caused cyberattack – but still won’t say if it paid a ransom | usagoldmines.com

  • M&S chairman Archie Norman attributes recent ransomware attack to DragonForce
  • Law enforcement is still involved, and we don’t know any ransom details
  • Norman is calling for greater transparency and cyberattack reporting

M&S is still refusing to confirm whether it paid a ransom following a recent major cyberattack, but at least we have an indication of its cause.

It’s believed the attack was carried out by DragonForce, a ransomware operation believed to be based in Asia or Russia – a separate group from hacktivists at the similarly-named DragonForce Malaysia.

M&S chairman Archie Norman explained disclosing details of any ransom would not be in the public interest, given that law enforcement agencies are still involved with the case.

M&S shares more information on attack

“We’ve said that we are not discussing any of the details of our interaction with the threat actor,” Norman, speaking at a UK Parliament heading on cyberattacks in the retail sector, stressed.

We now know the initial breach occurred via social engineering, with the attacker impersonating an M&S worker and tricking a third party into resetting an employee’s password.

The Financial Times revealed just weeks after the cyberattack that Tata Consultancy Services, a third party that M&S uses to help manage help desk support could have been inadvertently tied up in the breach.

Attackers threatened to leak the acquired data, but they also encrypted it from M&S in what’s known as a double extortion attack. In May, M&S confirmed that names, birth dates, addresses, phone numbers, household information and order histories were all included.

150GB of data was reportedly stolen before M&S shut down systems to prevent further spread, leading to delivery disruptions. Recovery efforts are still ongoing, with Norman expecting full recovery by October or November 2025.

DragonForce has not posted M&S data, possibly implying that a ransom could have been paid or that negotiations are ongoing.

Looking ahead, Norman is calling for more transparency around reporting cyberattacks: “We have reason to believe there’ve been two major cyberattacks on large British companies in the last four months which have gone unreported,” he said.

Via Reuters

You might also like

​ 

This articles is written by : Nermeen Nabil Khear Abdelmalak

All rights reserved to : USAGOLDMIES . www.usagoldmines.com

You can Enjoy surfing our website categories and read more content in many fields you may like .

Why USAGoldMines ?

USAGoldMines is a comprehensive website offering the latest in financial, crypto, and technical news. With specialized sections for each category, it provides readers with up-to-date market insights, investment trends, and technological advancements, making it a valuable resource for investors and enthusiasts in the fast-paced financial world.