<ul data-eligibleForWebStory="false"><li>M&S believes the recent cyberattack was carried out by the group DragonForce, originating from Asia or Russia.</li><li>M&S Chairman Archie Norman emphasized the need for greater transparency regarding cyberattack reporting at a UK Parliament hearing.</li><li>The initial breach involved social engineering, with an attacker impersonating an M&S worker to reset an employee's password.</li><li>150GB of data was stolen in the cyberattack, recovery efforts ongoing with full recovery expected by October or November 2025.</li></ul>

M&S thinks it might finally know what caused cyberattack - but still won't say if it paid a ransom

Discover more