Marks and Spencer and Co Op Hacking Crisis Disruptions and Cybersecurity Concerns

Marks & Spencer (M&S) and the Co-op are the latest victims of a sophisticated cyberattack attributed to the Scattered Spider network, which has caused significant operational disruptions. The attackers employed advanced social engineering tactics, tricking IT help desks into resetting passwords for accounts with elevated privileges. This breach allowed the hackers to infiltrate and compromise the companies’ systems.

The National Cyber Security Centre (NCSC) has emphasised the growing frequency and severity of such cyber incidents, urging organisations to review their IT security protocols. Specific guidance included refining the authentication methods for password resets, particularly for administrative accounts that can provide access to sensitive parts of a network.

The hackers exploited techniques such as “SIM swapping,” enabling them to gain control of employee phone numbers. With this access, they bypassed two-factor authentication and impersonated staff to manipulate IT departments. As a result, sensitive information, including employee credentials, was exposed. Sources report that M&S and its affiliated online retailer, Ocado, were forced to restrict certain services, while the Co-op endured limited product availability due to impacts on their supply chain.

M&S has stated that it has access to backup data, which could reduce the time to recover, but cybersecurity experts warn that rebuilding systems thoroughly to ensure safety may still take months. Retail stores have faced stock shortages, and online orders remain disrupted as efforts to clean and secure the network are undertaken.

The Scattered Spider group, believed to consist of young individuals in the UK and US, collaborates with the ransomware “cartel” DragonForce. This organisation, originating in Malaysia, aids ransomware distribution by offering encryption tools and ransom negotiation services in exchange for a share of the profits. The group has already hacked over 130 major targets since 2023.

Both M&S and Co-op have faced financial and reputational strain from these attacks, with M&S reportedly losing £40 million per week due to operational shutdowns. It serves as another stark reminder that organisations of all sizes must bolster their cybersecurity defences and maintain preparedness for potential breaches.

Retailers are now under heightened pressure, with the broader UK retail sector increasingly targeted by cybercrime. As attacks become more advanced, the responsibility lies with corporations to adopt robust countermeasures and prevent further disruption to both operations and customer trust.