It is going to be interesting to see how these ransomware payments are made. Personal data taken in UK legal aid cyber attack | Reuters
They shared evidence proving that they had stolen a huge amount of private customer and employee information
M&S and Co-Op: BBC reporter on talking to the hackers - BBC News
Japan Introduces the Active Cyberdefence Law
The ACD does not permit surveillance of domestic communications, but it allows Tokyo to monitor IP addresses used in communications between foreign countries that pass through Japan, and between Japan and the rest of the world.
This provides a workaround to the constitution’s domestic privacy protections, while addressing the fact that the overwhelming majority of cyber attacks on Japanese entities originate from overseas, according to the government.
M&S comms finally goes out 👏🏽
Really surprised that M&S online is still down for purchases. Must be ensuring an overhaul of systems and approach. Stock is not bad over the two years.
A new ecosystem of assured Cyber Resilience Test Facilities will allow vendors to demonstrate the cyber resilience of their products New assurance initiatives to help boost confidence in… - NCSC.GOV.UK
Google warned today that hackers using Scattered Spider tactics against retail chains in the United Kingdom have also started targeting retailers in the United States.
The communications could have been better on this. Coop owned it from the start.
Marks & Spencer confirms customers' personal data was stolen in hack | TechCrunch
If you're in the EU and previously opted out of Meta using your Facebook, Threads, and Instagram posts, you will need to opt out again.
Facebook have done it again.
If you’re in the EU and previously opted out of Meta using your Facebook, Threads, and Instagram posts and images to train its generative AI, you’ll need to opt out again—otherwise, Meta will resume training on your data.
Users have until May 27, 2025, to opt out once more, or they will permanently lose the ability to do so.
Here are the direct opt-out links, which aren’t prominently advertised within the apps:
For more details, see the original report: Ars Technica article Hope that helps!
DragonForce ransomware hit M&S, Harrods & Co-op, causing £700M losses & data breaches.
The Big Picture
In April 2025, UK retailers Marks & Spencer (M&S), Harrods, and Co-op were hit by a major ransomware attack, reportedly carried out by DragonForce, a ransomware-as-a-service (RaaS) group. The attack disrupted operations, caused financial losses, and exposed sensitive customer data—a wake-up call for businesses everywhere. Is it time to think about more regulation with retailers.
How the Hackers Pulled It Off
Breaking In
- Hackers stole hashed credentials from Windows Active Directory (NTDS.dit file) and cracked them offline months prior to he lay few weeks disruption
- Phishing & MFA fatigue attacks tricked employees into handing over access.
- SIM swapping helped bypass multi-factor authentication (MFA).
Spreading Through the System
- Mimikatz was used to extract plaintext passwords.
- Advanced IP Scanner mapped out networks to find high-value targets.
- Security monitoring tools were disabled to avoid detection.
Deploying the Ransomware
- DragonForce ransomware was executed on VMware ESXi servers, encrypting virtual machines.
- M&S lost £700 million in market value, supply chains stalled, and online orders were halted.
- Harrods restricted internet access, while Co-op shut down IT systems, affecting customer data and operations.
Holding Data Hostage
-
20 million Co-op customer records stolen, including credentials and payment data.
-
Hackers threatened to leak sensitive data unless ransom demands were met.
Cybersecurity Callouts & UK National Security Response
-
Zero-trust architecture: Stop hackers from moving freely inside networks.
-
AI-driven cybersecurity: Keep up with evolving ransomware tactics.
-
Continuous monitoring & MFA enforcement: Spot threats before they escalate.
-
Employee training: Prevent phishing and social engineering attacks.
-
Board-level cybersecurity investment: Treat digital infrastructure like critical infrastructure.
What This Means for Big Business
-
Supplier Risk Management Needs to Be a Priority
-
Third-party vendors (e.g., payment processors, logistics firms) are often the weakest link.
-
Businesses must audit external partners, enforce contractual security requirements, and monitor supplier networks in real time.
-
-
Internal Security Must Match External Threats
- Cyberattacks are inevitable, not just a possibility.
- Endpoint security, threat intelligence, and rapid response planning must be built into corporate risk frameworks.
Further Reading & Expert Insights
My team are in the playoffs within one of the hardest leagues in Europe 😬
UK Retailers and Cyber attacks have been huge in the last few weeks. I do not think it’s going to end any time soon
I’m impressed with the fact modernisation is taking place on Oxford street. It’s about time. Ikea to open Oxford Street store in May after 18-month delay | Ikea | The Guardian
🙏🏽

FCA staff emails to auto-delete after one year - FTAdviser
Any emails that should be retained to comply with regulatory and legal requirements, including the Freedom of Information act, will be saved.
Something tells me AI is going to be used to check emails and their classification.