Metropolitan Police investigate M&S ‘Scattered Spider’ cyber attack

London’s Metropolitan Police have been called in to investigate the cyber attack on Marks & Spencer, which has disrupted the retailer’s operations for nearly two weeks.

The Met’s cyber crime unit is now involved as M&S works to restore its systems following a ransomware attack.

A cyber gang known as Scattered Spider, comprising British and American teenagers, is suspected of being behind the breach. M&S is collaborating with cyber security experts from CrowdStrike, GCHQ’s National Cyber Security Centre, the Met Police, and the National Crime Agency to address the IT issues.

The Met Police confirmed that inquiries are ongoing but no arrests have yet been made. They have been working with M&S since last Wednesday, with their involvement first reported by the Daily Mail.

M&S initially experienced problems with contactless payments and click-and-collect orders over the Easter weekend. While contactless payments have now been restored, online orders were halted on Friday, and click-and-collect orders continue to face delays.

The disruptions have led to empty shelves in some M&S food stores, with the retailer acknowledging “pockets of limited availability.” The cyber attack has also significantly impacted M&S’s market value.

The cyber attack has been identified as a ransomware attack, where criminals encrypt a victim’s files and demand payment to restore access. Attackers may also threaten to release stolen data.

Investigators believe the hackers used a tool from a group called DragonForce, known for selling its technology to other hacking groups. This has complicated efforts to identify the perpetrators, though the Scattered Spider gang is a key focus of the investigation.

Hacking group Scattered Spider linked to M&S cyber attack