Shocking M&S Cyber-Attack: How Hackers Exploited Third-Party Access to Cause Chaos!

A massive cyber-attack is rocking the retail giant Marks & Spencer (M&S), reportedly initiated by hackers named DragonForce who infiltrated the company through a third-party with access to its systems. This breach, which occurred in April, has led to significant disruptions, forcing M&S to pause online orders for over three weeks and resulting in an estimated loss of over £40 million in sales weekly since the incident began during the Easter bank holiday.

M&S has been struggling to restore its services, having closed down many IT operations as a precautionary measure, effectively locking itself out of core systems. This drastic action aimed to contain the attack but resulted in empty food shelves in stores and a heavy toll on online sales, which constitute about a third of the company’s clothing and homeware revenue.

Analysts are keenly watching the upcoming annual results announcement, with the spotlight firmly on the financial repercussions of this attack. Compounding the issue, on May 13, M&S confirmed that personal customer data had been compromised, raising concerns about data privacy. The stolen information may include names, addresses, and online order histories, though the retailer assures that card information remains secure as full card details are not stored.

The incident has drawn attention to the vulnerability of retail operations and opened discussions about cybersecurity measures, especially regarding third-party access. M&S is assuring customers that while its stores are returning to normal stock levels, the challenges of getting its online system fully operational remain at the forefront of its recovery efforts.