The hackers who targeted Marks & Spencer boasted about the hack and demanded cash in an aggressive email addressed to the CEO of the store. The hacking collective DragonForce used an employee’s email account to send the letter, which the BBC was able to view, to CEO Stuart Machin on 23rd April. This is the first proof that the ransomware organisation specifically targeted M&S.
Machin and seven other senior executives received the blackmail threat. A cyber-security specialist showed the BBC the extortion email.
The hackers claim to have stolen the personal information of millions of consumers and to have used ransomware to harm Marks & Spencer’s IT systems.
According to reports, the email was received from the account of a worker at Tata Consultancy Services (TCS), an Indian IT company that has been serving M&S for more than ten years.
The London-based Indian IT professional works for TCS but has an M&S email account. It seems that during the attack, his account was compromised.
TCS has previously said that it is looking into the possibility that it served as the cyberattack’s entry point. The business, however, informed the BBC that the disputed email was not issued from its servers and had nothing to do with the M&S hack.
The extortion email contains a darknet link that takes victims of DragonForce to a gateway where they may start haggling over the ransom price.
Shoppers started complaining about problems with M&S’s click-and-collect and contactless payment systems throughout the Easter holiday weekend. Later, the business stopped accepting online orders, and the interruption affected retail availability.
The store said that during the cyberattack, private consumer information was taken. Dates of birth, email addresses, postal addresses, and names might have been among the compromised data. M&S highlighted that account passwords and credit card information were unaffected.
It estimated that the attack’s ripple effects would cause its services to remain interrupted until July, lowering its current year’s profits by up to US $ 400 million.
