- Cyber Monitoring Center says that it deals with M&S and cooperative attacks as a unique combined event
- M&S was struck by a major cyber attack earlier in 2025, Coop struck weeks after
- The cost of attacks could reach 440 million pounds sterling, CMC estimates
The recent cyber attacks against Marks and Spencer (M&S) and the CO-OP supermarket were combined in a single incident by a large investigation group in the United Kingdom.
Cyber Sweiatring Center (CMC), an independent non -profit organization created to classify major cyber -events by the insurance sector, said that it treated the two incidents as an event by the same striker – Spanded Spider.
“Since an actor of threat claimed the responsibility of M&S and the cooperative, the narrow calendar and the tactics, techniques and similar procedures (TTPS), CMC assessed incidents as combined cyber-events,” said CMC.
Combined attack
The CMC says that it has classified attacks as a “systemic category 2 event” and estimated that security violations will have a total financial impact between 270 million to 440 million pounds Sterling ($ 363 million at $ 592 million) on both companies.
He added that the effects of attacks had been classified as “narrow and deep”, with “important implications” not only for the two retailers, but also their suppliers, partners and service providers.
This definition is opposed to “shallow and wide” events such as the 2024 Crowstrike incident, which affected a large number of companies through the economy, but the impact on a single business was much smaller.
“Although the two targeted companies have undergone company disruption, data loss and response costs to incidents and rebuild, commercial disturbances result in the vast majority of the financial cost,” added the CMC.
“Most of the costs of the estimated disturbances are confronted with the two companies, but our analysis aims to estimate the wider cost for partners, suppliers and others.”
Despite the same time, the CMC said that the cyber attack on Harrods, another large British retailer, was not included at this stage, citing a lack of adequate information available on the cause and the impact.
M&S was apparently struck by the attack on April 22, revealing the news of the incident several days later. The cooperative revealed a news of its event on April 30, saying that it had been forced to suppress parts of its computer systems to try to mitigate the effects.
M&S planned that the attack could cost him around 300 million pounds of the operating profits lost during his exercise.
M&S did not confirm if he had paid a ransom to the hackers, but admitted that certain customer data had been stolen in the attack. This did not include any password or cards or payment details, but domestic addresses, telephone numbers and birth dates may have been assigned.
Anyone about their data may have been taken, we recommend that you use a dark web surveillance service or use a violation instructor, as I was PWAD to check the potential exhibitions.
Via Infoscussion
