A group of cybercriminals successfully breached the online operations of Marks & Spencer last month by exploiting a basic human vulnerability. The hackers posed as legitimate employees and called the IT help desks, convincing the staff to reset passwords for the accounts they had impersonated. With the obtained credentials, they infiltrated the company network and disabled its website and app ordering systems. Two weeks after the incident, customers are still unable to place clothing and home orders online, while M&S claims to be working “day and night” to restore services. However, the retailer has not provided a timeline for resuming online orders and has yet to disclose the financial impact of the disruption.
Impact on Retailer’s Customers
The attack has significantly affected M&S customers, with disruptions first reported over the Easter weekend. Customers experienced issues with Click & Collect and contactless payments, which the company confirmed were due to a “cyber incident.” Although these services have resumed, online orders on the website and apps were paused last week, with no timeline for when they will restart.
In-store, some food items remain unavailable as M&S continues to take systems offline to manage the attack. Signs on empty shelves read: “Please bear with us while we fix some technical issues affecting product availability.” The retailer had hoped to restore full food availability by the end of the week, but it remains unclear whether that target will be met.
Additionally, M&S has temporarily removed all job adverts from its website, displaying a message stating: “Sorry you can’t search or apply for roles right now, we’re working hard to be back online as soon as possible.”
Cybersecurity Experts’ Warning to UK Businesses
According to a report by BleepingComputer, Britain’s National Cyber Security Centre has advised all organisations to audit their help-desk procedures to prevent such incidents. In a joint blog post, Jonathon Ellison and Ollie Whitehouse, national resilience director and chief technology officer at Britain’s cyber security centre, respectively, said: “Criminal activity online – including, but not limited to, ransomware and data extortion – is rampant. Attacks like this are becoming more and more common. And all organisations, of all sizes, need to be prepared.”
Investigators have confirmed that it was a ransomware attack, where malicious software infiltrates computer systems, encrypts critical data or files, and demands payment, often under threat of leaking or selling the stolen information.
Security experts attribute the breach to a ransomware group known as “DragonForce,” which rents its malware tools to other criminals, making it difficult to identify the exact actors. The Metropolitan Police have confirmed they are investigating the incident.