M&S to face disruption from massive cyber attack for another two months

Shoppers pass Marks & Spencer on a high street. — M&S has been dealing with a devastating cyber attack (Picture: EPA)

M&S has said the fallout from the cyber attack is expected to last until July.

The high street shop was targeted by hackers in April, which disrupted contactless payments and Click and Collect – just one of many major retailers that have been hacked recently.

The retailer then confirmed that customer data had been stolen, although it said no passwords or card details were accessed.

M&S and customers face further disruption from the attack, expected to last through to July.

Shoppers have faced empty shelves in M&S stores after the attack, while online orders were paused for weeks.

A view of empty shelves inside a Marks & Spencer shop. — Some shelves in M&S stores were empty following the cyber attack (Picture: Holly Williams/PA Wire)

Its operating profits will be reduced by around £300 million due to the impact of the attack, M&S warned.

Experts said that attacks on iconic institutions are often not sophisticated.

Instead, hackers resort to tricks and bombard several companies in case one of them hits a vulnerability, cyber security expert Dr Ian Batten told Metro.

The M&S outage has been linked to a collective called Scattered Spider, which used a ransomware attack to breach the system.

The hackers used a platform called DragonForce to launch the ransomware.

Despite the group’s shadowy name, most breaches ‘don’t start with a Hollywood-style hacking,’ James Hadley, the founder of the cybersecurity firm Immersive, told Metro.

You can read more about how the system was cracked and who might be next here.

Cyber criminals have also targeted Co-op, Harrods and the Ministry of Justice’s Legal Aid Agency, leaving many users in uncertainty over who holds their details.

Co-op said it took down its IT system to prevent any further loss of data after around 20 million shoppers’ personal information was stolen.

M&S is trusted institution for British shoppers (Picture: EPA)

The latest to announce a cyber attack is the Tesco, Sainsbury’s and Aldi supplier Peter Green Chilled.

Detectives from the National Crime Agency are investigating the string of attacks, but no arrests have been made yet.

Scattered Spider collective has caught their attention, and it is thought to include young, English-speaking teenagers, BBC News reports.

Paul Foster, the head of the NCA’s national cyber crime unit, told the broadcaster in a documentary: ‘We know that Scattered Spider are largely English-speaking but that doesn’t necessarily mean that they’re in the UK – we know that they communicate online amongst themselves in a range of different platforms and channels, which is, I guess, key to their ability to then be able to operate as a collective.’

Got a story? Get in touch with our news team by emailing us at webnews@metro.co.uk. Or you can submit your videos and pictures here.

For more stories like this, check our news page.

Follow Metro.co.uk on Twitter and Facebook for the latest news updates. You can now also get Metro.co.uk articles sent straight to your device. Sign up for our daily push alerts here.