Retail Giant M&S Holds Ransomware Group Responsible for Attack, Calls for Mandatory Reporting

  • M&S chair Archie Norman confirms DragonForce behind cyber attack
  • Collaboration with US FBI, UK’s National Crime Agency and NCSC
  • Co-op also faced select committee over cyber attacks on businesses
  • Norman urges mandatory reporting of major cyber attacks

Marks & Spencer (M&S) chair Archie Norman has publicly confirmed that the company believes ransomware group DragonForce was responsible for its cyber attack. Speaking to a parliamentary select committee, Norman revealed that M&S had an exchange with the US FBI and worked with the UK’s National Crime Agency and the National Cyber Security Centre (NCSC) following the incident. Co-op also faced the committee after being hit by a cyber attack in the same month. Norman urged the government to make reporting on major cyber attacks mandatory, stating that many go unreported. M&S experienced issues with contactless payments across UK stores during the Bank holiday weekend.

Factuality Level: 8
Factuality Justification: The article provides accurate and relevant information about M&S’s cyber attack, the involvement of DragonForce, and the company’s collaboration with law enforcement agencies. It also includes Archie Norman’s call for mandatory reporting of major cyber attacks. However, it contains some repetitive information and a promotional link at the end.
Noise Level: 3
Noise Justification: The article provides relevant information about M&S’s cyber attack and the involvement of ransomware group DragonForce. It also mentions the company’s collaboration with law enforcement agencies and Norman’s call for mandatory reporting of major cyber attacks. However, it could benefit from more in-depth analysis or discussion on the broader implications of such incidents.
Financial Relevance: Yes
Financial Markets Impacted: No
Financial Rating Justification: The article discusses M&S’s cyber attack and their collaboration with law enforcement agencies, but it does not directly impact financial markets or specific companies.
Presence Of Extreme Event: Yes
Nature Of Extreme Event: Technological Disruption (cyber-attacks, major service outages, data breaches, etc.)
Impact Rating Of The Extreme Event: Moderate
Extreme Rating Justification: The article discusses a cyber attack on M&S and its impact on the company’s operations. While there are no specific details about the extent of damage or consequences mentioned, the fact that it affected store payments and required assistance from law enforcement agencies suggests a moderate level of impact.

Reported publicly: www.retailgazette.co.uk