M&S says customer data stolen in cyberattack, forces password resets

Marks and Spencer (M&S) confirms that customer data was stolen in a cyberattack last month, when ransomware was used to encrypt servers. The attack occurred on April 22, 2025, significantly impacting business operations on the retailer's 1,400 stores, forcing it to stop accepting online orders. BleepingComputer first revealed that the attacks were conducted by DragonForce ransomware affiliates utilizing Scattered Spider social engineering tactics to breach Marks and Spencer's network. During the attack, the threat actors encrypted VMware ESXi virtual machines hosted on the company's servers. Since then, M&S has been investigating the attack and confirmed that the intruders stole sensitive personal information belonging to customers. This was announced by M&S CEO, Stuart Machin, who posted a letter on the retailer's official Facebook page. "As we continue to manage the current cyber incident, we have written to customers today to let them know that unfortunately, some personal cust ... Read full article.