Tomorrow it’s one month since Marks and Spencer started containment, it’s also their financial results day.
Online ordering still down, all recruitment stopped, Palo-Alto VPNs still offline.
TCS have been linked to the Marks and Spencer breach, at least in part.
I made this point a few weeks ago, but... outsourcing all your IT, Networks, Service Desk (helpdesk) and operational cybersecurity is a temporary cost saving and basically paints a ticking timebomb on the org, IMHO.
@GossiTheDog I must admit to not being particularly enamoured by the overall concept of third party identity security services.
M&S say online ordering will be stopped until sometime in July, and it has taken a £300m hit, far higher than analysts had predicted. https://www.bbc.co.uk/news/articles/c93llkg4n51o
Their CEO has commented they’ve drawn a line under the hack, without recovering, which has a bit of this energy honestly
The NCA has confirmed on the record that the investigation into the M&S and Co-op hack is focused on English teenagers. I could toot the names of the people I think they’ll pick up, but won’t.
The CEO of M&S has declined to comment if they have paid a ransom. For the record: I’ve heard they have, in secret, via their insurance. https://www.reuters.com/business/retail-consumer/ms-says-cyber-attack-was-result-human-error-declines-comment-ransom-2025-05-21/
Co-op Group announces it's getting rid of paper prices in stores, going to electric displays. Good luck during a ransomware incident 😒
TCS has a security incident running around the M&S breach.
Interestingly the source claims TCS aren't involved in Co-op's IT - which is categorically false, they took over most of it while I worked there, including the helpdesk, and my team (SecOps) after I left.
https://www.ft.com/content/c658645d-289d-49ee-bc1d-241c651516b0
Insurance Insider say Co-op Group have no cyber insurance policy.
It’s got the insurance industry hard as they think they can ambulance chase other orgs with it.
Seven weeks in, Marks and Spencer still have recruitment closed, online orders stopped and no Palo-Alto GlobalProtect VPN.
While Co-op have restored every customer facing system and internal systems like recruitment and remote working, M&S still don't even have recruitment back.
I'm reliably told they paid the ransom, so they'll be target #1 basically forever with other ransomware groups now due to resiliency woes and willingness to pay.
Marks and Spencer's remuneration committee have opted not to dock the CEO's pay over the cyber incident, as expected and previously reported, but instead increased it by £2m.
https://www.bbc.co.uk/news/articles/c23mz5eg091o
Marks & Spencer is holding walk-in in-store recruitment open days to fill vacant roles while its online hiring system remains offline following its ransomware attack in April. https://www.thegrocer.co.uk/news/mands-stores-staging-walk-in-recruitment-open-days-amid-cyberattack-disruption/705189.article
This Daily Mail piece about security leaders thinking work-from-home means they will be crippled is horseshit, I'm not linking it.
They've taken a survey about how security people think their businesses couldn't survive ransomware, and linked it to working from home. WFH isn't the problem: business IT and resilience being built on quicksand is the problem.