{"id":97745,"date":"2025-06-17T00:01:00","date_gmt":"2025-06-17T04:01:00","guid":{"rendered":"https:\/\/therobinreport.com\/?p=97745"},"modified":"2025-06-16T15:36:00","modified_gmt":"2025-06-16T19:36:00","slug":"rising-cyberattacks-ransom-retailers","status":"publish","type":"post","link":"https:\/\/therobinreport.com\/rising-cyberattacks-ransom-retailers\/","title":{"rendered":"Rising Cyberattacks Ransom Retailers"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

It\u2019s the stuff that digital nightmares are made of. A successful cyberattack<\/a> that included access to customer details forced a six-week shutdown of ecommerce and took over $400 million off the bottom line after a ransom note declared \u201cLet’s get the party started.\u201d<\/p>

The future of retail is sovereign when it comes to data and European data has never been more under attack. What we see around the world is a loss of the rules and countries such as Russia and North Korea are centers of ransomware and a risk to retailers and therefore their relationships with their customers.<\/p><\/blockquote>

Little wonder then that Stuart Machin, the popular CEO of high-flying U.K. department store group Marks & Spencer, described himself as being in shock when the ransom note was sent directly to his inbox along with half a dozen of his senior execs.<\/p>

Until June 10 there was little let-up for Marks & Spencer when it was finally able to reopen its website to shoppers, a full six weeks after it was forced to halt online orders following the hugely damaging cyberattack. On its website, M&S simply welcomed customers back with the message that shoppers, \u201ccan now place online orders with standard delivery to England, Scotland and Wales.\u201d It also confirmed that deliveries to Northern Ireland would take several more weeks, as would the resumption of click and collect, next-day and nominated-day delivery and international ordering.<\/p>

A $34 Million a Week Problem<\/h4>

It\u2019s no wonder that M&S was trying to resolve the situation as fast as possible as it is estimated to have lost around $34 million in online apparel and homewares sales a week after it was\u00a0forced to stop taking orders within days of when the infamous \u2018threat actors\u2019 collective DragonForce\u00a0gained access to its systems over the Easter weekend in a follow-up to another attack by separate ransomware group, Scattered Spider<\/p>

Beyond the embarrassing reputational damage, once the dust finally settles the company expects the hack to cost it over $400 million in profits this year, although about half of that is expected to be offset by insurance and other measures. Particularly galling was the fact that M&S had posted some strong and positive results \u2013 only to be bitten in the etail by the hackers.<\/p>

In the meantime, shoppers have been able to browse online, and shop in M&S\u2019s physical stores using cash or third-party cards since the hack. However, in-store stocks of food and apparel have also been affected, meaning M&S has lost out on sales during what in the U.K. had been an unexpectedly warm, sunny spring. M&S has also conceded that some personal information\u00a0relating to thousands of its customers including their names, addresses, dates of birth and order histories, was taken during the cyber-attack.<\/p>

M&S Recovers Slowly<\/h4>

With the website back up and running, Machin said that he expects the retailer to recover \u201cat pace,\u201d in part by bringing forward planned investment in the company\u2019s IT systems and website during the rebuild forced by the hackers. Machin has fast-tracked that investment after originally earmarking three years for the upgrade but now looking to complete the project within 18 months. \u201cI went into shock. It\u2019s in the pit of your stomach, the anxiety. But you have to think: \u2018Stuart, you have to lead this, you have to keep a cool head,\u2019\u201d\u00a0Machin told U.K. publication The Mail on Sunday<\/a>. \u201cI have learned everyone is vulnerable. The hackers only need to be lucky once.\u201d<\/p>

Chronicle of a Cyberattack<\/h4>

So, what actually happened? On April 23 the hacker group DragonForce sent an abuse-filled email in broken English directly to Machin bragging about the attack and demanding a ransom payment. They had successfully infiltrated a London-based employee\u2019s email account, apparently using the account from the Indian IT giant Tata Consultancy Services (TCS), which has provided IT services to M&S for over a decade.<\/p>

“We have marched the ways (stet) from China all the way to the U.K. and have mercilessly raped your company and encrypted all the servers,” the hackers wrote in a message that also included a racist epithet. “The dragon wants to speak to you so please head over to [our darknet website].”<\/p>

In addition to boasting about installing ransomware across the M&S IT system to render it useless, the hackers also claimed that they had stolen the private data of millions of the retailer\u2019s customers and shared a darknet link to a portal created for DragonForce victims to begin negotiating the ransom fee. \u201cLet’s get the party started. Message us, we will make this fast and easy for us,\u201d the hackers said.<\/p>

Cyberattacks on Both Sides of the Pond<\/h4>

The attack on M&S was not a lone-wolf operation. The news about the attack on one of the U.K.\u2019s biggest retailers first emerged days before cyberattacks were also reported by U.K. convenience store chain the Co-op and upscale London department store Harrods. Both retailers had to shut down parts of their IT systems as a result. Or that after the cyberattack trend crossed the Atlantic, the FBI got involved when retailers became easy picking for sophisticated hackers determined to wreak havoc and extort money. Recently, sportswear brand Adidas and lingerie group Victoria\u2019s Secret have also been targeted.<\/p>

In May, Adidas warned that its customer data had been compromised and confirmed that\u00a0the cybercriminals had accessed certain consumer data through a third-party customer service provider. Adidas insisted that no passwords or payment details had been taken by the attackers and that it was in the process of informing its customers. \u201cWe immediately took steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts,\u201d the company said in a statement and added that the compromised data \u201cmainly consists of contact information\u201d relating to consumers who had contacted its customer service help desk in the past.<\/p>

Meantime, the website for Victoria\u2019s Secret was quietly taken offline after a prolonged \u201csecurity incident.\u201d Shoppers visiting the website during the several days of shutdown were met with a pink screen with the company\u2019s statement rather than its usual selection of merchandise. The retailer had \u201cidentified\u201d and was \u201ctaking steps to address a security incident,\u201d according to a statement posted on its website. \u201cWe have taken down our website and some in-store services as a precaution.\u201d At its first quarter earnings update on June 11, Victoria\u2019s Secret CFO Scott Sekella conceded that the retailer expects to take a $10 million hit in its operating income as a result of the cyberattack.<\/p>

Grocery retailer Ahold Delhaize USA was also targeted after the hackers managed to log into an account at one of its U.S. retail locations, but the incident was \u201cisolated and contained,\u201d according to an internal Ahold Delhaize report CNN said.<\/p>

Meantime, health food wholesaler UNFI, the primary food distributor for Whole Foods, had to take some of its systems offline after a cyberattack on June 5 which has led, anecdotally, to some empty shelves at the upscale grocer. In a regulatory filing, UNFI said it became aware of an incident in its information technology systems, which has caused \u201ctemporary disruptions to the company\u2019s business operations.\u201d<\/p>

A Sign of the Times<\/h4>

The recent spate of cyberattacks is worrying enough for the retailers impacted and have caused alarm across the industry, but the real question is what may be yet to come. Schwarz Digits CEO Rolf Schumann warned of cyberattacks at World Retail Congress in London in May as he claimed that the future of retail is sovereign when it comes to data and that European data has never been more under attack. \u201cWhat we see around the world is a loss of the rules, because we live in a rules-based world,\u201d he said, pointing to countries such as Russia and North Korea as centers of ransomware and highlighting the risk to retailers and therefore their relationship with their customers. \u201cLook at the aggressiveness we face every day from the U.S. and China for our [Europe\u2019s] data. How can we turn Europe into a data colony? Who owns the data owns the knowledge,\u201d he said.<\/p>

How darkly prescient those comments were. With seven retailers across the U.K. and the U.S. attacked within weeks of each other, the ransomware actors are becoming bolder and their attacks are becoming more frequent. In an increasingly dangerous and volatile world, cybersecurity is set to become a cornerstone of protecting privacy, service, and all-important consumer trust.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

Cyberattacks hit retailers like M&S and Victoria\u2019s Secret, exposing data and causing $400M+ in losses, spotlighting urgent cybersecurity needs.<\/p>\n","protected":false},"author":40,"featured_media":97746,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"cybocfi_hide_featured_image":"","footnotes":""},"categories":[24],"tags":[481,155],"class_list":["post-97745","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-finance-economics","tag-international","tag-trends"],"_links":{"self":[{"href":"https:\/\/therobinreport.com\/wp-json\/wp\/v2\/posts\/97745","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/therobinreport.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/therobinreport.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/therobinreport.com\/wp-json\/wp\/v2\/users\/40"}],"replies":[{"embeddable":true,"href":"https:\/\/therobinreport.com\/wp-json\/wp\/v2\/comments?post=97745"}],"version-history":[{"count":0,"href":"https:\/\/therobinreport.com\/wp-json\/wp\/v2\/posts\/97745\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/therobinreport.com\/wp-json\/wp\/v2\/media\/97746"}],"wp:attachment":[{"href":"https:\/\/therobinreport.com\/wp-json\/wp\/v2\/media?parent=97745"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/therobinreport.com\/wp-json\/wp\/v2\/categories?post=97745"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/therobinreport.com\/wp-json\/wp\/v2\/tags?post=97745"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}