M&S Chair Silent on Ransom Payment After Cyber Attack
Marks & Spencer Chairman Refrains from Disclosing Ransom Payment Details
The chairman of the prominent U.K. retailer, Marks & Spencer, opted not to reveal to a parliamentary committee whether a ransom was paid to a hacking group after a recent ransomware incident.
Archie Norman, the chairman, stated that details regarding interactions with the threat actor are being withheld. He justified this decision by asserting that public disclosure could hinder ongoing law enforcement investigations.
Interaction with Cybercriminals
Norman clarified that no employees of Marks & Spencer engaged in direct communication with the cybercriminals responsible for the attack. The ransomware attack has been attributed to the group known as DragonForce.
The company initially reported a data breach in May, revealing that an undefined quantity of customer information was compromised.
Data Compromised in the Breach
The stolen data encompassed a range of personal details, including:
- Names
- Dates of birth
- Home and email addresses
- Phone numbers
- Household information
- Online order histories
Furthermore, the breach caused significant operational disruptions, resulting in depleted stock levels and a temporary inability for customers to place orders online.
Ongoing Recovery Efforts
Norman informed the lawmakers that the company remains focused on recovery procedures. He indicated that these efforts are expected to continue through October or November of this year.
The full extent of the impact and the long-term consequences of the cyberattack are still being assessed by Marks & Spencer.
Related Posts
FTC Upholds Ban on Stalkerware Founder Scott Zuckerman
Google Details Chrome Security for Agentic Features
Petco Data Breach: SSNs, Driver's Licenses Exposed
Petco Data Breach: Customer Data Exposed - What You Need to Know
Intellexa Spyware: Direct Access to Government Espionage Victims
