Really surprised that M&S online is still down for purchases. Must be ensuring an overhaul of systems and approach. Stock is not bad over the two years.

A new ecosystem of assured Cyber Resilience Test Facilities will allow vendors to demonstrate the cyber resilience of their products New assurance initiatives to help boost confidence in… - NCSC.GOV.UK

Google warned today that hackers using Scattered Spider tactics against retail chains in the United Kingdom have also started targeting retailers in the United States.

Hackers behind UK retail attacks now targeting US companies

The communications could have been better on this. Co-op owned it from the start.

Marks & Spencer confirms customers' personal data was stolen in hack | TechCrunch

If you're in the EU and previously opted out of Meta using your Facebook, Threads, and Instagram posts, you will need to opt out again.

Facebook have done it again.

If you’re in the EU and previously opted out of Meta using your Facebook, Threads, and Instagram posts and images to train its generative AI, you’ll need to opt out again—otherwise, Meta will resume training on your data.

Users have until May 27, 2025, to opt out once more, or they will permanently lose the ability to do so.

Here are the direct opt-out links, which aren’t prominently advertised within the apps:

Facebook: Opt-out form

Instagram: Opt-out form

For more details, see the original report: Ars Technica article. Hope that helps!

DragonForce ransomware hit M&S, Harrods & Co-op, causing £700M losses & data breaches.

The Big Picture

In April 2025, UK retailers Marks & Spencer (M&S), Harrods, and Co-op were hit by a major ransomware attack, reportedly carried out by DragonForce, a ransomware-as-a-service (RaaS) group. The attack disrupted operations, caused financial losses, and exposed sensitive customer data—a wake-up call for businesses everywhere. Is it time to think about more regulation for retailers?

How the Hackers Pulled It Off

Breaking In

  • Hackers stole hashed credentials from Windows Active Directory (the NTDS.dit file) and cracked them offline months before the disruption of the last few weeks.
  • Phishing & MFA fatigue attacks tricked employees into handing over access.
    • SIM swapping helped bypass multi-factor authentication (MFA).

Spreading Through the System

  • Mimikatz was used to extract plaintext passwords.
  • Advanced IP Scanner mapped out networks to find high-value targets.
  • Security monitoring tools were disabled to avoid detection.
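A detection sketch for the credential-theft, network-discovery and monitoring-disabled steps listed above, written as an added example over constructed telemetry (it is not code from the post or from any vendor tool); the event shape, hostnames, paths, times and rule names are all assumptions:

```python
import re
from collections import defaultdict

# Constructed sample telemetry (invented hosts, paths and times; not from the post or any real
# incident), shaped loosely like EDR process-creation and service-state events.
SAMPLE_EVENTS = [
    {"ts": "02:13", "host": "dc01", "kind": "process", "image": r"C:\Windows\System32\ntdsutil.exe",
     "cmdline": r'ntdsutil "ac i ntds" ifm "create full C:\temp\out" q q'},
    {"ts": "11:02", "host": "ws17", "kind": "process", "image": r"C:\Temp\mimikatz.exe", "cmdline": "mimikatz.exe"},
    {"ts": "11:30", "host": "ws17", "kind": "process", "image": r"C:\Temp\advanced_ip_scanner.exe",
     "cmdline": "advanced_ip_scanner.exe /portable"},
    {"ts": "11:45", "host": "ws17", "kind": "service", "service": "WinDefend", "state": "stopped"},
    {"ts": "11:46", "host": "ws03", "kind": "process", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe notes.txt"},
]

# (stage, rule name, predicate); the stages follow the phases described in the post.
RULES = [
    ("credential_theft", "ntds_dump_via_ntdsutil",
     lambda e: e["kind"] == "process" and e["image"].lower().endswith("ntdsutil.exe")
     and re.search(r"\bifm\b", e["cmdline"], re.I) is not None),
    ("credential_theft", "mimikatz_binary",
     lambda e: e["kind"] == "process" and "mimikatz" in (e["image"] + " " + e["cmdline"]).lower()),
    ("discovery", "advanced_ip_scanner",
     lambda e: e["kind"] == "process" and "advanced_ip_scanner" in e["image"].lower()),
    ("defense_evasion", "security_service_stopped",
     lambda e: e["kind"] == "service" and e["service"] in {"WinDefend", "Sense"} and e["state"] == "stopped"),
]

def detect(events):
    """Return one alert per (event, matching rule) pair."""
    alerts = []
    for e in events:
        for stage, name, pred in RULES:
            if pred(e):
                alerts.append({"ts": e["ts"], "host": e["host"], "stage": stage, "rule": name})
    return alerts

def hosts_with_chain(alerts, min_stages=2):
    """Hosts whose alerts span several distinct stages: a much stronger signal than one hit."""
    stages = defaultdict(set)
    for a in alerts:
        stages[a["host"]].add(a["stage"])
    return sorted(h for h, s in stages.items() if len(s) >= min_stages)

if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for a in found:
        print(f'{a["ts"]} {a["host"]:<5} {a["stage"]:<16} {a["rule"]}')
    print("hosts with multi-stage activity:", hosts_with_chain(found))
```

Any single rule here will also fire on legitimate admin work (an ntdsutil backup, a scanner run by IT), so the per-host stage correlation is the part worth keeping when wiring this into a real SIEM.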

Deploying the Ransomware

  • DragonForce ransomware was executed on VMware ESXi servers, encrypting virtual machines.
  • M&S lost £700 million in market value, supply chains stalled, and online orders were halted.
  • Harrods restricted internet access, while Co-op shut down IT systems, affecting customer data and operations.

Holding Data Hostage

  • 20 million Co-op customer records stolen, including credentials and payment data.

  • Hackers threatened to leak sensitive data unless ransom demands were met.

Cybersecurity Callouts & UK National Security Response

  • Zero-trust architecture: Stop hackers from moving freely inside networks.

  • AI-driven cybersecurity: Keep up with evolving ransomware tactics.

  • Continuous monitoring & MFA enforcement: Spot threats before they escalate.

  • Employee training: Prevent phishing and social engineering attacks.

  • Board-level cybersecurity investment: Treat digital infrastructure like critical infrastructure.

What This Means for Big Business

  • Supplier Risk Management Needs to Be a Priority

    • Third-party vendors (e.g., payment processors, logistics firms) are often the weakest link.

    • Businesses must audit external partners, enforce contractual security requirements, and monitor supplier networks in real time.

  • Internal Security Must Match External Threats

    • Cyberattacks are inevitable, not just a possibility.
    • Endpoint security, threat intelligence, and rapid response planning must be built into corporate risk frameworks.

Further Reading & Expert Insights

My team are in the playoffs within one of the hardest leagues in Europe 😬

UK retailers and cyber attacks have been huge in the last few weeks. I do not think it’s going to end any time soon.

I’m impressed with the fact modernisation is taking place on Oxford street. It’s about time. Ikea to open Oxford Street store in May after 18-month delay | Ikea | The Guardian

🙏🏽

FCA staff emails to auto-delete after one year - FTAdviser

Any emails that should be retained to comply with regulatory and legal requirements, including the Freedom of Information Act, will be saved.

Something tells me AI is going to be used to check emails and their classification.

Pigeons are better at multitasking than humans

Pigeons are capable of switching between two tasks as quickly as humans – and even more quickly in certain situations. These are the findings of biopsychologists who had performed the same behavioural experiments to test birds and humans. The authors hypothesize that the cause of the slight multitasking advantage in birds is their higher neuronal density.

Science Daily Article

I must be a plodder, doing one thing at a time. 🤷🏽‍♂️

Interesting read; it reminds me of when I used to be on client sites at the start of my career. With a bit of practice you can tell when someone’s lying to you, especially in 1-2-1 coaching sessions. Those head movements can tell you a lot, in my opinion.

Body language can differ between cultures, too. It can be considered impolite in many Asian countries to maintain eye contact while talking with someone, for example, while smiling can mean different things depending on the cultural context.

How to crack the subtle body language of liars - BBC Science Focus Magazine

Exploits of Apple and Google services

A new report reveals how a voice phishing gang exploits Apple and Google services to trick users into revealing personal information. The group used a spoofed phone call to steal over $4.7 million from a cryptocurrency investor named Tony. These scammers create fake login pages and use automated messages to convince victims they are talking to legitimate support teams.

krebsonsecurity.com/2025/01/a…

What an interesting and fun read about SQLite.

But they take backward compatibility so seriously that even if they have shipped a bug, they won’t fix it.

Collection of insane and fun facts about SQLite - blag