
Avoiding Being Marks & Spencer
What they did
Detected around the Easter weekend, the attack was both bold and damaging:
Ransomware strike: DragonForce encrypted servers across critical systems.
Data theft: Names, emails, dates of birth, order histories—and even masked customer account references—were stolen. Thankfully, no usable payment or password data was taken.
What was the impact?
Financial punch: Losses were clocking in around £40 million per week, with a projected £300 million hit to annual profits.
Market shock: M&S’s valuation fell more than £700 million, a result of revenue loss and shaken consumer confidence.
Trust eroded: Customers were frustrated and wary—being unable to shop or redeem vouchers shook their faith in the brand.
Insurance puzzle: With a claim estimated at around £100 million, cyber-insurers may not cover everything—adding more uncertainty.
Ongoing disruption: Some services remain unavailable, including click & collect, express delivery options and shipping outside of the UK.
What does this mean for your business?
Lock down third-party access: Enforce MFA, strict access profiles, and regular vendor audits.
Out-of-band verification: Never reset or disable MFA on the strength of an email or a single phone call. Confirm the requester's identity through an established internal channel (a call-back to a number on record, a ticket, or in person) before touching an account.
Fight social engineering: Regular phishing and vishing drills, paired with ongoing staff education, help strengthen the human firewall.
Detect lateral movement: Use SIEM/EDR tooling to flag logon bursts across many accounts from a single source, and any access to the Active Directory database (NTDS.dit) or use of the tools that dump it.
Secure backups: Keep critical data offline and encrypted, and routinely test your recovery procedures.
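The detection point above is the one most teams under-specify, so here is a worked example of what "flag unusual credential use or NTDS access" looks like as logic run over log data. This is added illustration, not code from M&S or from the original article. It runs over a small set of constructed Windows Security events (nothing here is real telemetry), and the event field names, the thresholds (10 distinct accounts within 5 minutes) and the list of dumping-tool markers are assumptions to tune for your own estate. Two caveats a practitioner would want: 4663 object-access events only fire for NTDS.dit if a SACL is set on the file, and lsass.exe on a domain controller legitimately holds that file open, so a naive "any NTDS.dit access" rule is pure noise.

```python
"""Two lateral-movement detections over Windows Security events:
  1. NTDS.dit access or dumping-tool use on a domain controller
  2. Credential spraying: one source IP touching many accounts in a short window
Added example with constructed sample data; thresholds and field names are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry). Event IDs follow the Windows
# Security log: 4688 = process creation, 4663 = object access, 4624/4625 = logon ok/failed.
SAMPLE_EVENTS = [
    {"time": "2025-04-19T02:14:05", "id": 4688, "host": "DC01", "user": "svc_backup",
     "process": r"C:\Windows\System32\ntdsutil.exe",
     "cmdline": 'ntdsutil "ac i ntds" "ifm" "create full C:\\temp\\out" q q'},
    {"time": "2025-04-19T02:14:09", "id": 4663, "host": "DC01", "user": "svc_backup",
     "object": r"C:\Windows\NTDS\ntds.dit", "process": r"C:\Windows\System32\ntdsutil.exe"},
    # Normal: the directory service itself keeps ntds.dit open on every DC.
    {"time": "2025-04-19T02:20:00", "id": 4663, "host": "DC01", "user": "SYSTEM",
     "object": r"C:\Windows\NTDS\ntds.dit", "process": r"C:\Windows\System32\lsass.exe"},
] + [
    # 25 failed logons, 25 different accounts, one source, 25 seconds: a spray.
    {"time": f"2025-04-19T03:00:{i:02d}", "id": 4625, "host": "FS02",
     "user": f"user{i:03d}", "src_ip": "10.20.30.40"} for i in range(25)
] + [
    # One ordinary successful logon from a different workstation.
    {"time": "2025-04-19T03:30:00", "id": 4624, "host": "FS02",
     "user": "alice", "src_ip": "10.20.30.50"},
]

NTDS_FILE = "ntds.dit"
# Assumption: lsass.exe is the only process expected to touch ntds.dit. Add your
# backup agent here if it reads the file directly, otherwise you drown in alerts.
EXPECTED_NTDS_ACCESSORS = {r"c:\windows\system32\lsass.exe"}
# Process names / command-line fragments commonly seen when the AD database is
# dumped offline. vssadmin/diskshadow also appear in legitimate backups: tune.
DUMP_TOOL_MARKERS = ("ntdsutil", "vssadmin", "diskshadow", "ntds.dit")

# Assumed spray thresholds: >= 10 distinct accounts from one IP within 5 minutes.
SPRAY_DISTINCT_ACCOUNTS = 10
SPRAY_WINDOW = timedelta(minutes=5)


def detect_ntds_access(events):
    """Return alerts for ntds.dit access by unexpected processes and for
    process creations that look like NTDS dumping."""
    alerts = []
    for e in events:
        if e["id"] == 4663 and e.get("object", "").lower().endswith(NTDS_FILE):
            if e.get("process", "").lower() not in EXPECTED_NTDS_ACCESSORS:
                alerts.append(("ntds_file_access", e["host"], e["user"], e["process"]))
        elif e["id"] == 4688:
            text = (e.get("process", "") + " " + e.get("cmdline", "")).lower()
            if any(marker in text for marker in DUMP_TOOL_MARKERS):
                alerts.append(("ntds_dump_tool", e["host"], e["user"], e["process"]))
    return alerts


def detect_credential_spray(events, threshold=SPRAY_DISTINCT_ACCOUNTS, window=SPRAY_WINDOW):
    """Sliding window per source IP over 4624/4625: flag an IP that touches
    `threshold` or more distinct accounts within `window`. Successes count too,
    because an attacker with a harvested credential list gets some of them right."""
    by_ip = defaultdict(list)
    for e in events:
        if e["id"] in (4624, 4625) and e.get("src_ip"):
            by_ip[e["src_ip"]].append((datetime.fromisoformat(e["time"]), e["user"]))

    alerts = []
    for ip, logons in by_ip.items():
        logons.sort()
        start = 0
        in_window = defaultdict(int)  # account -> number of logons inside the window
        for t, user in logons:
            in_window[user] += 1
            while t - logons[start][0] > window:   # slide the left edge forward
                old_user = logons[start][1]
                in_window[old_user] -= 1
                if in_window[old_user] == 0:
                    del in_window[old_user]
                start += 1
            if len(in_window) >= threshold:
                alerts.append(("credential_spray", ip, len(in_window),
                               logons[start][0].isoformat(), t.isoformat()))
                break  # one alert per source is enough; the SOC will pull the rest
    return alerts


def run_detections(events):
    """Combine both detections into one alert list."""
    return detect_ntds_access(events) + detect_credential_spray(events)


if __name__ == "__main__":
    for alert in run_detections(SAMPLE_EVENTS):
        print(alert)
```

Run against the constructed events this yields three alerts: the ntdsutil process creation, ntdsutil reading ntds.dit, and the spray from 10.20.30.40 once the tenth distinct account is hit. The lsass.exe access and alice's single logon stay silent, which is the point: the rule has to encode what normal looks like on a domain controller, not just the string "ntds".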
This high-profile breach serves as a wake-up call: no organisation is immune. It's not just about investing in technology, but building resilience in people and processes. Prevention doesn't require perfection, but vigilance - and readiness to respond when someone tries to trick you.