Marks & Spencer hackers sent abusive ransom demand to CEO
Hackers who targeted Marks & Spencer sent an abusive email to the retailer’s CEO, boasting about the breach and demanding payment.
The message, seen by the BBC, was sent to CEO Stuart Machin on 23 April by the hacker group DragonForce, using the email account of an employee.
It is the first confirmation that M&S was targeted by the ransomware group.
"We have marched the ways from China all the way to the UK and have mercilessly raped your company and encrypted all the servers," the hackers wrote.
"The dragon wants to speak to you so please head over to [our darknet website]."
The blackmail message, which contains a racist term, was sent to Machin and seven other senior executives. The extortion email was shown to the BBC by a cyber-security expert.
In addition to claiming they deployed ransomware to damage Marks & Spencer's IT systems, the hackers allege they have stolen the personal data of millions of customers.
The email was reportedly sent from the account of an employee at Tata Consultancy Services (TCS), the Indian IT firm that has provided services to M&S for over a decade.
The Indian IT worker, based in London, has an M&S email address but is employed by TCS. It appears that his account was compromised during the attack.
TCS previously stated that it is investigating whether it may have been the entry point for the cyberattack. However, the company told the BBC that the email in question was not sent from its systems and that it is not connected to the breach at M&S.
A darknet link included in the extortion email leads to a portal for DragonForce victims to begin negotiating the ransom fee.
Sharing the link, the hackers wrote: "let's get the party started. Message us, we will make this fast and easy for us."
Problems for M&S began over the Easter holiday weekend, with shoppers reporting issues using contactless payments and click-and-collect services. The company later halted online orders, and store availability was impacted by the disruption.
The retailer confirmed that personal customer data was stolen during the cyberattack. The compromised information may have included names, email addresses, postal addresses, and dates of birth. However, M&S emphasised that payment card details and account passwords were not affected.
It said that the knock-on effect of the attack means its services will continue to be disrupted until July, estimating it will reduce its profits for the current year by as much as £300 million.
Following the incident, alongside other attacks at firms such as Co-op, Harrods, and The North Face, new data from global research agency Opinium revealed last week that 66% of UK consumers now plan to change their online shopping habits and reconsider how and where they shop.
Of 2,000 UK adults surveyed, 23% of consumers now intend to only shop online with brands they completely trust, while 22% will only shop with brands they feel have strong security.
Even more damning, 73% now see cyber attacks as one of the biggest risks facing UK consumers, with 82% saying companies must do more to protect their data.





