Yazılar

Hacker Group Claims Theft of Nearly 1 Billion Salesforce Records; Company Denies Breach

/in /tarafından

A hacker collective calling itself “Scattered LAPSUS$ Hunters” claims to have stolen nearly 1 billion records linked to Salesforce, the global cloud software giant, by targeting companies that use its platform. The group—believed to be behind recent ransomware attacks on major U.K. retailers including Marks & Spencer, Co-op, and Jaguar Land Rover—told Reuters the stolen data contains personally identifiable information (PII).

Salesforce, however, firmly denied that its systems were compromised. “At this time, there is no indication that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology,” a company spokesperson said.

One hacker, identifying themselves as “Shiny,” told Reuters that the group did not directly hack Salesforce infrastructure but instead exploited its customers through “vishing”—a voice-phishing technique where attackers impersonate employees in calls to IT help desks to gain system access.

The group published a leak site on the dark web on Friday listing around 40 allegedly hacked companies, though it remains unclear how many are Salesforce clients. Both Salesforce and the hackers declined to confirm whether any ransom demands had been made.

In a June report, Google’s Threat Intelligence Group (TAG)—which tracks the hackers as “UNC6040”—said the group had been highly effective at deceiving employees into installing modified versions of Salesforce’s Data Loader, a proprietary tool used to import large volumes of customer data.

Google researchers also noted that the attackers’ infrastructure overlaps with an amorphous cybercriminal network known as “The Com”, a loosely connected ecosystem infamous for social engineering, ransomware, and even violent activity.

The claims come amid an ongoing U.K. police investigation into the earlier wave of cyberattacks that disrupted retail operations nationwide. In July, authorities arrested four individuals under 21 suspected of involvement in the breaches.

While Salesforce’s denial suggests its core systems remain intact, the episode underscores a growing cybersecurity challenge: attackers are increasingly bypassing well-secured platforms by manipulating the humans who use them.

As digital ecosystems become ever more interconnected, the breach—real or exaggerated—illustrates how even the most secure cloud providers can be dragged into the fallout of their customers’ weakest link: trust.

Britain’s Co-op Warns of $161 Million Profit Hit From Cyberattack

/in /tarafından

The Co-op Group, one of the UK’s most recognizable retailers, said on Thursday that a “sophisticated” cyberattack in April will reduce its annual profit by about £120 million ($161 million).

The 181-year-old, member-owned cooperative—which operates supermarkets, funeral services, legal, and insurance businesses—said it moved quickly to shut down several systems to contain the breach. That decision, however, caused major operational disruption, including shortages in food availability at stores.

The financial toll was clear in its latest results: for the first half of the year to July 5, revenue dropped by £206 million, while profit fell by £80 million. The company reported an underlying pre-tax loss of £75 million, compared with a £3 million profit a year earlier.

Finance chief Rachel Izzard said the full-year impact will total £120 million, with only limited insurance recovery. “We had the front-end elements of cyber insurance in place … but we don’t believe we will be claiming on insurance for back-end losses,” she explained.

Roughly £40 million of the second-half hit reflects new investments to strengthen cyber defenses. The Co-op’s Chief Digital and Information Officer, Rob Elsey, said attackers gained access through social engineering, impersonating a colleague to compromise their account—similar to a recent attack on Marks & Spencer.

The group’s food retail business, which generates the bulk of its revenue, slipped 1.6% to £3.6 billion, as it lost market share to rivals. Overall revenue was down 2.1% to £5.5 billion.

The company expects the rest of the year to bring continued pressure from high costs, global volatility, and intense competition, but still plans to open 30 new stores.

M&S Faces $400 Million Hit from Cyberattack, Online Disruption to Last Into July

/in /tarafından

Marks & Spencer (M&S) confirmed on Wednesday that the cyberattack disclosed in April will cost the British retailer approximately £300 million ($403 million) in lost operating profit, with disruption to its online operations expected to continue into July.

The attack, described by the company as “highly sophisticated and targeted“, forced M&S to shut down its automated stock systems, temporarily reverting to manual, pen-and-paper processes to manage billions of pounds worth of fresh food, clothing, and home goods. The fallout led to empty food shelves, delayed deliveries, and significant customer dissatisfaction.

Financial and Operational Impact

The cyberattack has been a major blow to M&S during a crucial period in its ongoing turnaround strategy. It has already:

  • Wiped more than £1 billion off M&S’s market value,

  • Halted online clothing, home and beauty sales, which have been “heavily impacted”,

  • Caused reduced food availability, higher waste, and increased logistics costs.

Despite this, in-store sales have remained “resilient,” and food sales recovered over the past week.

CEO Stuart Machin said the company expects 85% of online clothing and home items to be back on the site in the coming weeks. However, the full system restart will continue into July.

M&S reported £984.5 million in operating profit for the year ended March 29. It expects to mitigate some of the projected £300 million loss through insurance claims, cost-saving measures, and operational recovery.

Source and Method of Breach

Machin reiterated that the breach did not result from a failure in M&S’s own cybersecurity infrastructure. Instead, hackers gained access via “social engineering” at a third-party contractor. The attackers used deceptive methods to trick employees, breaching external access points rather than M&S’s internal systems.

“We didn’t leave the door open. This wasn’t anything to do with underinvestment,” said Machin.

The National Crime Agency has linked the incident to a group of young, English-speaking hackers, part of a wider pattern of cyberattacks affecting UK institutions including the British Library, London Underground, and blood testing services.

Market Reaction and Outlook

Despite the disruption, M&S shares rose 2% on Wednesday, reflecting investor confidence in the company’s recovery efforts. The stock is still down 9% since the attack.

Archie Norman, M&S chairman, acknowledged the setback but remained optimistic about the company’s broader transformation:

“Just as you think you’re onto a good streak, events have a way of putting you on your backside.”

Analysts said M&S’s strong underlying performance — with adjusted pretax profit up 22.2% and sales rising 6.1% to £13.9 billion — suggests its turnaround remains intact. The clothing and food divisions both gained market share, reinforcing the company’s momentum before the attack.

Nevertheless, competitors like Next, John Lewis, Tesco, and Sainsbury’s may benefit from M&S’s temporary online absence.

Cybersecurity Response

M&S stated that it will use the crisis to accelerate improvements in its technology infrastructure, emphasizing the importance of resilience in the face of rising global cyber threats.

The retailer also disclosed a £248.5 million non-cash impairment charge, linked to longer-term digital and operational investments affected by the incident.