Posts

UK Police Arrest Four Suspects Over Cyberattacks on M&S, Co-op, and Harrods

Four individuals under the age of 21 have been arrested in connection with cyberattacks that disrupted operations at major UK retailers Marks & Spencer (M&S), the Co-op, and Harrods, the National Crime Agency (NCA) announced on Thursday. The most severe incident occurred in April when a ransomware attack forced M&S to halt online clothing sales for nearly seven weeks, resulting in an estimated £300 million ($400 million) loss in operating profit.

The arrested suspects include three males aged 17, 19, and 19, and a 20-year-old woman. They were detained at their homes in the West Midlands and London. The NCA said they face allegations including offenses under the Computer Misuse Act, blackmail, money laundering, and involvement in organized crime. Authorities also seized their electronic devices, and the suspects are currently being questioned by the NCA’s National Cyber Crime Unit.

M&S Chairman Archie Norman revealed to lawmakers that the company had engaged with the U.S. FBI regarding the cyberattack. He suggested that loosely connected groups, possibly led by a hacking collective known as DragonForce, were behind the incidents. Norman also advocated for UK businesses to be legally mandated to report significant cyberattacks, noting that some major breaches recently went unreported.

M&S resumed online clothing orders on June 10 after a 46-day suspension, although click-and-collect services remain offline. CEO Stuart Machin expressed confidence that the company would be through the worst of the attack’s impact by August.

Hackers Target U.S. School Districts in Extortion Attempts Using Stolen PowerSchool Data

Hackers have launched extortion attempts against multiple U.S. school districts, using sensitive student data stolen from education software provider PowerSchool, the company confirmed on Wednesday. The breach, first disclosed in December 2024, involved personal information including names, contact details, birthdates, medical alerts, and Social Security numbers.

PowerSchool, which serves over 60 million students globally, revealed it had made the “difficult decision” to pay a ransom to the attackers—acknowledging for the first time that a ransom payment was made, though the amount was not disclosed.

“We believed it to be in the best interest of our customers and the students and communities we serve,” the company said, citing assurances and evidence that the hackers would delete the stolen data.

While it’s unclear if the same attackers are behind the ongoing extortion, Reuters reported that at least four school districts have been contacted. The locations of these districts have not been disclosed.

Background:

  • Breach disclosed: December 2024

  • Data affected: Names, contact info, birthdates, SSNs, limited medical data

  • Ownership: Taken private by Bain Capital in a $5.6B deal in June 2024

The company has not commented further on whether law enforcement is involved or if additional districts have been contacted.

This development highlights growing concerns over cybersecurity vulnerabilities in U.S. public education systems, where student data is increasingly at risk from ransomware and extortion schemes.

Record-Breaking: Crypto Ransom Payments Surge to $1 Billion in 2023, Reveals Chainalysis

Divergent Trends: Decrease in Crypto Crime Losses Excluding Ransom Payments in 2023