Cyberattacks on M&S and Co-op Originated from Help Desk Deception, Says Report
Cybercriminals launched recent attacks on British retailers Marks & Spencer (M&S) and Co-op Group by impersonating employees to trick IT help desks into resetting passwords, according to a report by BleepingComputer. This social engineering tactic allowed hackers to gain initial access to internal systems.
The UK’s National Cyber Security Centre (NCSC) responded by urging all organisations to re-evaluate their help desk protocols, warning that online criminal activity like ransomware and data extortion is on the rise and that even large enterprises are vulnerable to such basic forms of manipulation.
While both M&S and Co-op declined to comment, the consequences of the M&S breach are already being felt. Shares dropped 4% on Tuesday and are down 12% since the cyber incident was disclosed on April 22. The company halted online orders for clothing and home products via its website and app on April 25, with no timeline for resumption. Some food product availability has also been disrupted.
Deutsche Bank analysts estimate the incident has cost M&S around £30 million ($40 million) so far, with an ongoing weekly impact of approximately £15 million. Though cyber insurance may offset part of the loss, it typically covers a limited time period. The broader risks include loss of consumer trust, data breach fines, and long-term reputational damage.
Ciaran Martin, former CEO of the NCSC, noted that the recovery time for such attacks is often lengthy due to the need to completely rebuild compromised IT networks.
Meanwhile, a group identifying as DragonForce claimed responsibility for attacking both M&S and Co-op, as well as stealing staff and potential customer data from the latter. The same group also claims responsibility for attacking Harrods. The report also links the cyberattack on M&S to the “Scattered Spider” hacking collective, known for using DragonForce ransomware, although the NCSC said it could not confirm the connection.
