Social Engineering 101: What the M&S Attack Can Teach Us

Marks & Spencer (M&S), one of the UK’s best-known retail stores, recently confirmed that it suffered a major cyberattack. The breach happened after hackers pulled off a sneaky trick to get into the company’s computer system. Here’s a breakdown of what happened.

The Hack: A Clever Trick

On April 17, M&S fell victim to what experts call a social engineering attack. But what does that mean?

In this case, a hacker pretended to be one of the 50,000 people connected to M&S. The fake identity was convincing enough to trick an outside company into resetting a real employee’s password.

Once the hackers had that password, they used it to break into M&S’s network.

Who Got Tricked?

The password reset was reportedly done by Tata Consultancy Services, an outside company that helps M&S with IT support. Tata may have been tricked by the hackers into thinking they were helping a real employee.

Who’s Behind the Attack?

The ransomware group DragonForce is believed to be behind the attack. There’s been some confusion around this name:

  • Some media outlets mixed up DragonForce ransomware with DragonForce Malaysia, a political hacktivist group.
  • The DragonForce involved in this attack is linked to a ransomware gang that is possibly based in Russia, not Malaysia.

The attack is also connected to another group, Scattered Spider, which is known for using ransomware to attack big companies.

What Did the Hackers Do?

Once inside the system, the hackers:

  • Encrypted important servers so M&S couldn’t access them.
  • Stole about 150GB of data (that’s a huge amount).
  • Used a tactic called double extortion, which means:
    1. They lock up your files.
    2. They also steal your data and threaten to leak it unless you pay.

Did M&S Pay the Ransom?

We don’t know for sure.

M&S said they didn’t talk directly with the hackers. Instead, they left that part to cybersecurity experts who know how to deal with ransomware gangs.

When asked if they paid the ransom, M&S’s chairman, Archie Norman, didn’t give a clear answer. He said it wasn’t something they wanted to share with the public, but they did tell the authorities.

It’s worth noting that the hackers haven’t posted M&S’s data online, which might mean the ransom was paid—or negotiations are still ongoing.

What Happens Next?

The company acted quickly once they knew about the hack. They shut down their systems to stop the attack from spreading. Still, the damage had already been done.

The investigation continues, and M&S is working with cybersecurity professionals and law enforcement to prevent future attacks.

Why This Matters

This isn’t just a story about one company. It’s a warning to all businesses and individuals:

  • Cybercriminals are getting more clever.
  • Even big companies can fall victim to fake identities and password tricks.
  • Always be careful with who you trust online.

How PC Matic Can Help Prevent Attacks Like This

Attacks like the one on M&S show just how sneaky and advanced today’s hackers can be. But there are smart ways to fight back—and that’s where PC Matic comes in.

Here’s how PC Matic helps stop threats before they cause damage:

Application Allowlisting

Most antivirus programs try to block the bad stuff. PC Matic does something smarter—it only allows approved, trusted programs to run. That means even if a hacker sneaks ransomware into your system, it won’t be able to launch.

Real-Time Protection

PC Matic scans your system in real time, catching suspicious behavior like strange login attempts or unknown software trying to run. This can stop an attack before it spreads the way it did at M&S, where servers ended up encrypted.

Automated Patching

Cybercriminals often get in through outdated software. PC Matic keeps your programs up to date with automated patch management, closing the gaps hackers use to sneak in.

Made in America – With No Outsourcing

PC Matic is proudly built and supported in the U.S., which helps avoid the kind of third-party missteps (like the password reset in this case) that led to M&S’s breach.

Final Thoughts

The M&S hack shows how human error and outside vendors can create security holes. It also highlights how serious ransomware attacks have become. While M&S is staying quiet on the ransom, their quick response and reliance on experts were smart moves.

Cybersecurity isn’t just about strong passwords anymore—it’s about protecting people and processes too.
