Mastodawn

Co-op confirms data theft after DragonForce ransomware claims attack

The Co-op cyberattack is far worse than initially reported, with the company now confirming that data was stolen for a significant number of current and past customers.

BleepingComputer

https://www.bbc.com/news/articles/cvgnyplvdv8o

One of M&S’ biggest suppliers have said they have reverted to pen and paper for orders due to M&S lacking IT.

Additionally, M&S staff are raising concern about how they will be paid due to lack of IT systems.

M&S are over a week into a ransomware incident and still don’t have their online store working.

M&S supplier back to pen and paper after cyber attack

What's going on behind the scenes in the aftermath of the cyber attack on M&S.

By the way, this is absolutely terrible advice for dealing with a major and high visibility ransomware incident.

There's a report on ITV News that Co-op member data is available on the Dark Web(tm), but as far as I know this isn't accurate. DragonForce's portal hasn't been available for over a week.

https://www.itv.com/news/2025-05-03/worsening-cyberattack-shuts-down-co-op-orders-itv-news-understands

Here's the ITV News report anyhoo, logline: "ITV News understands the the ongoing cyberattack faced by the supermarket has worsened since Friday, impacting the ordering system, drivers and warehouse staff."

https://www.thetimes.com/business-money/companies/article/m-and-s-cyber-attack-ms-klrnxvwq6

Sunday Times has a piece looking into ransomware incident at Marks and Spencer. It's pretty good, goes into their contain and eradicate focus.

"By shutting down parts of the IT estate, Higham’s team had worked to prevent the attack from spreading, but had also stopped parts of its digital operations from functioning. This was considered a worthy trade-off."

One error in the article - lack of recovery doesn't mean no ransomware paid. Paying is not quick restoration.

Inside the M&S meltdown: 3am meetings and £40m a week in lost sales

Two weeks after a cyberattack engulfed the retailer, the disruption is continuing — and threatening to undermine its hard-won turnaround

The Sunday Times

A wrote a piece about paying ransoms does not equal quick restoration - in fact, quite often it makes things worse. https://doublepulsar.com/big-game-ransomware-the-myths-experts-tell-board-members-03d5e1d1c4b7

Big Game Ransomware: the myths experts tell board members

There’s a piece in The Sunday Times today about the DragonForce ransomware incident at Marks and Spencer which caught my eye. It’s a great piece, e.g. it looks at M&S containing the threat to…

DoublePulsar

https://www.ncsc.gov.uk/blog-post/incidents-impacting-retailers

Great NCSC piece by @ollie_whitehouse

I’d add - block by Entra policy specifically High risk logins (below is too FP prone), and SOC monitor them. SOC playbook = account probably compromised. How?

Incidents impacting retailers – recommendations from the NCSC

A joint blog post by the NCSC’s National Resilience Director, Jonathon Ellison, and Chief Technology Officer, Ollie Whitehouse.

https://news.sky.com/story/amp/mands-had-no-plan-for-cyber-attacks-insider-reveals-with-staff-left-sleeping-in-the-office-amid-paranoia-and-chaos-13361359

Sky News quote a source in M&S head office saying Marks and Spencer have no ransomware incident plan so they are making it up as they go along apparently, with staff sleeping in the office and communicating via WhatsApp.

M&S dispute this, saying they have robust business continuity plans.

M&S 'had no plan' for cyber attacks, insider claims, with 'staff left sleeping in the office amid paranoia and chaos'

Sky

BBC News has a look at teenagers phoning helpdesks and pretending to be the CISO. https://www.bbc.com/news/articles/c4grn878712o

Beware phony IT calls after Co-op and M&S hacks, says UK cyber centre

The NCSC urges firms to check IT help desk "password reset processes" as hackers target retailers.

One of the points of exploitation of large orgs is they usually outsource their Service Desk to somewhere cheap offshore who don’t know the org staff, and when you call and say your name, they normally put big all caps bold red warning if the person is a VIP, eg C suite, so they get VIP service - ie anything goes.

https://www.coop.co.uk/cyber-incident

Co-op Group appear to be trying to course correct with their cyber incident comms.

They’re calling it a cyber incident now, and have put a statement on the front page of their website, along with an FAQ. They haven’t yet emailed members (they should). Edit: they’ve started emailing members.

Pardon Our Interruption

Kevin Beaumont May 6

It sounds like the situation at Co-op has got worse. They’ve stopped taking card payments in some stores, it’s cash only. https://www.telegraph.co.uk/business/2025/05/06/co-op-shops-stop-taking-card-payments-amid-cyber-attack/

Co-op shops stop taking card payments amid cyber attack

Stores display handmade signs to warn customers they can only pay in cash after hackers hit retailer

The Telegraph

Kevin Beaumont May 6

People are also taking to social media to post pictures of apparently emptying store shelves.

The Co-op website claims it is down to "technical issues".

Kevin Beaumont May 6

Contactless payment has been fixed at all Co-op Group stores.

One thing for media covering the Co-op thing - attackers are not impersonating IT help desks to gain access. They’re impersonating *staff* calling in to the IT help desks - they’re different things.

Co-op Group are redirecting supplies from their urban stores to remote and island locations due to stock shortages.

The article mentions their EDI platform is suffering “technical issues”. https://www.retailgazette.co.uk/blog/2025/05/co-op-reroutes-stock/

Co-op reroutes stock to rural stores amid cyber attack disruptions - Retail Gazette

The Co-op is redirecting food and drink supplies to stores in rural and remote areas in a bid to protect isolated communities from shortages following a serious cyber attack.

Retail Gazette

https://www.telegraph.co.uk/business/2025/05/04/ill-protect-trans-people-to-the-end-vows-co-op-boss/

I just did a Shodan Safari on Co-op - basically all their Windows and Linux systems in their core DCs at network boundary are down, it's not just EDI. It's been like that for just under a week, prior to that things were still online.

I feel really bad for them as it's a great org. Also their CEO is basically the only one who stood up like this for trans people.

‘I’ll protect trans people to the end,’ vows Co-op boss

Interview: Shirine Khoury-Haq says non-binary people bring a ‘massive business benefit’

The Telegraph

If you're wondering about Marks and Spencer - I just did a Shodan Safari of their network boundary, Palo-Alto GlobalProtect VPN remote access access is still offline, 15 days later.

Online orders are still not working, and the store stock checker is disabled now.

Kevin Beaumont May 8

Co-op have paused all non-essential products in stores https://www.retailgazette.co.uk/blog/2025/05/co-op-non-essential/

Co-op pauses deliveries of non-essential items amid cyber attack - Retail Gazette

Co-op has paused its orders of non-essential products amid the fallout from its cyber attack.

Retail Gazette

Kevin Beaumont May 8

Every detail in this article is wrong. The M&S incident had nothing to do with hybrid working.

Marks and Spencer’s online shopping is still offline 3 weeks later. It is thought they have lost around £63m so far, excluding IR, BCP and ransom payment costs. https://www.drapersonline.com/news/ms-online-shopping-outage-enters-third-week

M&S had a significant amount of data stolen btw, but they’ve opted not to tell customers or staff.

https://www.thegrocer.co.uk/news/co-op-societies-hit-by-availability-issues-amid-ongoing-cyberattack-on-co-op-group/704305.article

The Grocer reports 4 regional Co-ops, who aren’t part of Co-op Group, are suffering stock shortages as they are supplied by Co-op Group.

They expect customers to start to see availability issues on shelves in the coming days.

Co-op societies hit by availability issues amid ongoing cyberattack on Co-op Group

Midcounties Co-op, Heart of England Co-op and Lincolnshire Co-op have all confirmed disruption to the supply of food to stores

The Grocer

https://www.microsoft.com/en-us/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/

For orgs looking for defence tips for the attacks on UK retailers, this blog from 2022 about the UK teenagers in LAPSUS$ has relevance.

As a plot twist - not documented anywhere online, but LAPSUS$ first attacks in 2021 were against UK high street retailers.

DEV-0537 criminal actor targeting organizations for data exfiltration and destruction | Microsoft Security Blog

The activity we have observed has been attributed to a threat group that Microsoft tracks as DEV-0537, also known as LAPSUS$. DEV-0537 is known for using a pure extortion and destruction model without deploying ransomware payloads.

Microsoft Security Blog

For anybody wondering what 'dial into the incident response bridge' means, it means they'll literally Teams call into cyber IR bridges as themselves and just extort you to your face. They'll also call CISOs etc. Bad Times at the El Royale.

Kevin Beaumont May 10

Marks & Spencer bureau de change staff are being forced to use pen and paper to serve customers as a result of the cyber attack on the retailer and cannot accept card payment. https://www.thisismoney.co.uk/money/markets/article-14696595/Hack-rocks-Marks-Spencer-bureau-change.html

Hack rocks Marks & Spencer bureau de change

M&S bureau de change staff are being forced to use pen and paper to serve customers. The travel money desks are also unable to accept card payments in some cases.

This Is Money

Kevin Beaumont May 10

Co-op Group have provided some more detail about what it’s doing about remote lifeline stores (ones where they’re the main/only retailer on an island):

“From Monday, 12 of the most remote lifeline stores will receive treble the volume of available product, and another 20 lifeline stores will get double the volume.” https://www.bbc.com/news/articles/c071e7x80djo

Co-op cyber attack: Islanders facing empty shelves say 'get the people fed'

The picturesque island of Islay in the Western Isles is dealing with the real world impacts of the major supermarket hack.

Kevin Beaumont May 10

DragonForce Ransomware Cartel’s portal is back online after a multi week outage. No sign of M&S or Co-op’s data.

All M&S recruitment is still stopped, 19 days in. https://jobs.marksandspencer.com/

I think Co-op may have stopped recruitment too, they’re a big employer so usually have hundreds of open positions - currently they have 17, and most close today and the rest in a few days.

The Record quotes a Co-op worker as saying they are operating at well below 20% of their normal capacity in depots. https://therecord.media/co-op-cyberattack-uk-company-fears-hackers-still-in-system

Fears 'hackers still in the system' leave Co-op shelves running empty across UK

U.K. retailer the Co-op is still having trouble with keeping grocery shelves stocked as it continues to respond to an attempted cyberattack that forced it to shut down some systems two weeks ago.

Allianz supplies Marks and Spencer's cyber insurance, and will apparently suffer a full tower loss (i.e. it's going to be expensive) https://www.insuranceinsider.com/article/2esiwg4yv6p38pcf2pgxs/lines-of-business/cyber/allianz-leads-cyber-cover-for-m-s-ransomware-attack

Allianz leads cyber cover for M&S ransomware attack

The Willis-brokered coverage also includes the Willis CyXS facility.

Insurance Insider

People in Machynlleth are apparently turning up at local farms in search of food due to lack of produce at Co-op https://www.cambrian-news.co.uk/news/cyber-attack-people-turning-up-at-farms-as-machynlleth-co-op-shelves-remain-bare-792434

Cyber attack: People 'turning up at farms' as Machynlleth Co-op shelves remain bare

A cyber-attack has left Machynlleth’s only supermarket with empty shelves, with some residents ‘turning up at farms’ in an attempt to find fresh produce.

cambrian-news.co.uk

Co-op stores in Sheffield, Badenoch, Dunfermline and many other places are apparently running out of produce - it's not possible to keep up with the local media reports but they're basically bored reporters get sent out to photograph half empty fridges.

This ITV News report linking the Co-op and M&S breaches to SIM swapping is not accurate, no source given. https://www.itv.com/news/2025-05-12/sim-swap-fraud-rises-by-1000-as-criminals-exploit-two-factor-authentication

They also have a report today saying Co-op stores are restocked, which is also not accurate - that one is sourced from Co-op, but obviously doesn’t stack up to looking in Co-op stores.

If anybody is wondering, all of Marks and Spencer's Palo-Alto GlobalProtect VPN boxes are still offline, 3 weeks later. Pretty good containment method to keep attackers out.

Co-op's VDE environment is still down, too.
https://cyberplace.social/@GossiTheDog/114399017367179104

Kevin Beaumont (@GossiTheDog@cyberplace.social)

Attached: 1 image M&S use Palo-Alto GlobalProtect for VPN, they took all the endpoints offline days ago (usually first stage containment for ransomware/extortion groups).

Cyberplace

Kevin Beaumont May 13

M&S confirm my toot from 3 days ago that a significant amount of customer and staff data was stolen. They’ve known for weeks but opted not to tell anybody. https://www.bbc.com/news/articles/c62v34zv828o

M&S says personal customer data stolen in recent cyber attack

The retail giant is still not taking online orders following a cyber attack three weeks ago.

greem May 13

@GossiTheDog Incident response specialists the world over wince into their keyboards.

This is another object lesson in how not to do it. It'll be taught to students in future.

Gary Parker

@greem @GossiTheDog meanwhile, Co-Op are still sending me emails apologising for the lack of products on shelves, with no almost no mention of data loss/appropriation

Bleeping Computer have more on the Co-op breach https://www.bleepingcomputer.com/news/security/co-op-confirms-data-theft-after-dragonforce-ransomware-claims-attack/

https://www.bbc.com/news/articles/cvgnyplvdv8o

One of M&S’ biggest suppliers have said they have reverted to pen and paper for orders due to M&S lacking IT.

Additionally, M&S staff are raising concern about how they will be paid due to lack of IT systems.

M&S are over a week into a ransomware incident and still don’t have their online store working.

M&S supplier back to pen and paper after cyber attack

What's going on behind the scenes in the aftermath of the cyber attack on M&S.

By the way, this is absolutely terrible advice for dealing with a major and high visibility ransomware incident.

There's a report on ITV News that Co-op member data is available on the Dark Web(tm), but as far as I know this isn't accurate. DragonForce's portal hasn't been available for over a week.

https://www.itv.com/news/2025-05-03/worsening-cyberattack-shuts-down-co-op-orders-itv-news-understands

https://www.thetimes.com/business-money/companies/article/m-and-s-cyber-attack-ms-klrnxvwq6

Sunday Times has a piece looking into ransomware incident at Marks and Spencer. It's pretty good, goes into their contain and eradicate focus.

One error in the article - lack of recovery doesn't mean no ransomware paid. Paying is not quick restoration.

Inside the M&S meltdown: 3am meetings and £40m a week in lost sales

Two weeks after a cyberattack engulfed the retailer, the disruption is continuing — and threatening to undermine its hard-won turnaround

The Sunday Times

Big Game Ransomware: the myths experts tell board members

There’s a piece in The Sunday Times today about the DragonForce ransomware incident at Marks and Spencer which caught my eye. It’s a great piece, e.g. it looks at M&S containing the threat to…

DoublePulsar

https://www.ncsc.gov.uk/blog-post/incidents-impacting-retailers

Great NCSC piece by @ollie_whitehouse

I’d add - block by Entra policy specifically High risk logins (below is too FP prone), and SOC monitor them. SOC playbook = account probably compromised. How?

Incidents impacting retailers – recommendations from the NCSC

A joint blog post by the NCSC’s National Resilience Director, Jonathon Ellison, and Chief Technology Officer, Ollie Whitehouse.

https://news.sky.com/story/amp/mands-had-no-plan-for-cyber-attacks-insider-reveals-with-staff-left-sleeping-in-the-office-amid-paranoia-and-chaos-13361359

M&S dispute this, saying they have robust business continuity plans.

M&S 'had no plan' for cyber attacks, insider claims, with 'staff left sleeping in the office amid paranoia and chaos'

Sky

https://www.coop.co.uk/cyber-incident

BBC News has a look at teenagers phoning helpdesks and pretending to be the CISO. https://www.bbc.com/news/articles/c4grn878712o

Beware phony IT calls after Co-op and M&S hacks, says UK cyber centre

The NCSC urges firms to check IT help desk "password reset processes" as hackers target retailers.

Co-op Group appear to be trying to course correct with their cyber incident comms.

Pardon Our Interruption

TheTomas May 5

@GossiTheDog oh Well BC (Business Continuity) seems not to be on their priority list at all? That's Interesting...

groff 🇺🇦May 5

@GossiTheDog
I got an email from the Co-op a couple of hours ago.

Landwomble May 5

@GossiTheDog they've stopped taking cash payments today in my local one for first time

Gary Parker

May 5

@GossiTheDog I got an email (as a member) at about 16:20 this afternoon on the subject

MJ Ray May 5

@WiteWulf @GossiTheDog but of course, any member with better IT security than the co-op isn't allowed to read it until they run random scripts from a company that just got hacked!

Tom May 5

@GossiTheDog noticed the shelves in my local Co-op were not looking good this evening. Looks like they are struggling getting items ordered via their fallback methods.

Elias Mårtenson May 6

@GossiTheDog interestingly enough, trying to folloy the link gave me this.

catatonicprime May 5

@GossiTheDog we have this VIP setting. However it is not used that way for us. We use it to track if you're an asshole. So it's more like the different color bands for cats at a shelter. This one is known to be aggressive, exercise extreme caution when engaging/escalate quickly to someone else who can.

NosirrahSec 🏴‍☠️ guillotine enthusiast May 5

@catatonicprime @GossiTheDog we hang up on users that get aggressive, etc.

Lol who the fuck is gonna sit there and take shit from anyone?

b̴̨h̷̢̨s̴̡̡̕͡ù̢á̴͘͠r͘͝e̛͠z̨̀May 5

@catatonicprime @GossiTheDog great use case

R.C.May 5

@GossiTheDog While in #BandQ today, the staff said they'd been having "some IT Issues like M&S"

Not sure if this was the staff just making a parallel of "generic IT issues" or if there has been some incident they haven't admitted yet

Greengordon May 5

@GossiTheDog

An IT security guy at a place I once worked said the executives were the biggest security vulnerability the company had because they wanted what they wanted and didn't care much about security. I think that's what tool Maersk down a few years ago - some exec installed malware that spread to the entire network.

"they normally put big all caps bold red warning if the person is a VIP, eg C suite, so they get VIP service - ie anything goes."

Michael Weiss May 5

@Greengordon @GossiTheDog I just make a point of getting them to agree to accepting the risk and acknowledging that the Board will get quarterly updates on who is accepting this sort of risk on behalf of the company. The answer isn't "no", and if you as the exec want to hide that you're doing this, you're already admitting that you know it's wrong.

Funny how much more they care about security when their bosses look over their shoulders.

kwayk42 May 5

@GossiTheDog I mean "lying about it and living in crisis mode" is a continuity plan right?

Chester Wisniewski May 5

@GossiTheDog Let me guess, the robust plan is to make it up as they go along and keep systems down for at least a week?

Alesandro Ortiz @ DEF CON 🇵🇷🏳️‍🌈May 5

@GossiTheDog Both can be true, I imagine?

wrosecrans May 5

@GossiTheDog This is basically the plan for most businesses in reality.

It's fine to talk about stuff being "widely known best practice," but when IT shows up with big expenses for backups and security, the MBA's always decide it's more important to rightsize the headcount and operate lean. Many IT departments report up through an MBA and not a technical person, and many IT people are terrible at communicating risk dramatically enough to get money.

Kevin Riggle May 5

@GossiTheDog What’s the Mike Tyson quote? “Everybody has a plan until they get punched in the face”?

Matt Palmer May 5

@GossiTheDog the business continuity plans are so robust they've been successfully stopping the CFO's desk from wobbling for the past fourteen years.

Jamie Dowling May 5

@GossiTheDog After watching hours of the COVID UK Inquiry and the Post Office Horizon Inquiry, anyone saying something is "robust" is lying to cover their ass.

Floating Onion May 5

@GossiTheDog If you don’t test it properly, it doesn’t count. See also failover and backups.

StaffSRE1138 May 5

@GossiTheDog The thing that gets me is that the two statements are probably true for the people who said them. The Security group may have wargamed and prepared for malware attacks, and done so in a way that no one else in the technical stack even noticed happening (beyond some new agent installs being requested). So when the attack comes, the Security plan swings into action and no one outside of Security knows what it is or has practiced it.

This is high visibility. Executives step in to make Declarations, complicating the response. This is an incident big enough to need sub-commands to track various workflows, reporting up to a rotating incident command. Everyone wants to help, the workflows aren't well defined yet, and people help on their own authority (thanks to Command not having a clear picture yet and guiding where help would be good) and maybe make things worse in a few spots.

We had a plan.
It is chaos.
Both are true.

vampirdaddy May 4

@GossiTheDog @ollie_whitehouse
Do egress filtering (esp. for servers) with alerting.
If there is unknown communication, then you have either a misconfiguration or a problem.

Keep critical IT infrastructure (network, firewalls, SAN/NAS, virtualisation, backups) separated from Active Directory.

Do not couple internet-facing systems (including VPN and M365) with your local AD.

Brian Clark May 5

@GossiTheDog @ollie_whitehouse One Entra Conditional Access policy to block high risk logins, a second policy to block high risk users. You most likely want to do both, and need to do them in separate policies

VessOnSecurity May 4

@GossiTheDog I agree with most of your arguments. (In fact, the only one I take exception with is comparing ransomware with climate change. Ransomware is a much more real and urgent problem.) Those are pretty much arguments I've used myself when advising customers hit by ransomware not to pay.

But, ultimately, it's the company's decision. Even if the company makes the wrong decision, the government shouldn't be the one who decides for them.

The organizational structure of ransomware groups is evolving rapidly.

The Ransomware-as-a-service (RaaS) model has not recovered from law enforcement disruption, and the entrance of novice actors along with non-Russian state-linked cybercriminals has led to uncertain outcomes for victims.

Coveware: Ransomware Recovery First Responders

[realhackhistory@home]#May 4

@GossiTheDog @bontchev was going to post that link, I believe it too. I remember even years ago the Irish Health Service was given decryption keys and still struggled for months and months to recover data.

Ivor Hewitt May 4

@GossiTheDog superb summary. Surprising it still hasn't been made mandatory to report incidents, and clearly payments to criminal groups should have been outlawed before now. You'd have thought that would easily have fallen foul of the existing anti-money laundering/anti corruption regs.

Gabriel Pettier May 4

@GossiTheDog it's good to make that known, i remember reading pieces about how professional the "commercial" side of these groups were and how companies found it so compeling to pay for the "service", that gave me an impression of a much better argument for doing so (with the downside that it does fund crime and rewards it).

dave May 4

@GossiTheDog I caught a typo similar to ones I make, hope this helps.
"Travelex aren’t alone. When I covered the Capita ransomware, they paid quietly paid"
maybe delete one of the "paid"s

dave May 4

@GossiTheDog My thought after reading this is very old school.
When the first indication appears, shut everything down. I have seen banks do this, and watched tellers calmly tell customers "I'm sorry, but the system is temporarily shut down" and start from there.
If the breach is stopped quickly enough, you may have a chance.
Also, what about off site storage, that would not be accessible to the attacker?
Ultimately, the decision is a risk management decision, to evaluate as quickly as you can

Jim Salter May 4

@GossiTheDog it absolutely blows my mind that *anybody* pays ransomware attackers off, *ever.* Taking your lumps is better even WITHOUT the fact that you're literally funding them to continue attacking people, and that eventually (if not much, MUCH sooner) they're going to come right back to YOU again for another handout. Very likely, for the same damn attack you just paid them to keep quiet about in the first place.

OnlyMe May 4

@GossiTheDog Apple News link https://apple.news/ArfJU5fghR0WwaguZc8xwxw

Inside the M&S meltdown: 3am meetings and £40m a week in lost sales — The Times and The Sunday Times

Stuart Machin had been looking forward to a long weekend. It was Easter Saturday and the chief executive of Marks & Spencer had retired to his south London home for the evening, after a long day inspecting the aisles of his local M&S branch — something of a Machin pastime. Suddenly, his phone flashed with a call from his head of digital and technology, Rachel Higham, telling him that M&S’s IT systems were not functioning as normal. Neither knew it for certain then, but M&S was under attack by

AnneH May 3

@GossiTheDog I'm not sure people realise that "members" are mutual owners, but "customers" are anyone using co-op services, whether members or not. Not sure which are in the data breach - perhaps both? I think the members' db is probably separate.

George Lund May 3

@annehargreaves @GossiTheDog it's very unlikely they hold a database of customers that aren't members, as they don't do online ordering. If you get their loyalty card, you're a member.

AnneH May 3

@georgelund @GossiTheDog Well you could be a customer of eg the funeral service, in which case they would have your details I guess.

Ollie 🇪🇺🏳️‍🌈🏳️‍⚧️🇵🇸🇺🇦May 2

@GossiTheDog It's terrible advice for any major incident, ransomware or not!

Do these morons learn nothing from history?

Matt Palmer May 3

@distinctdipole if there's one thing we can learn from history, it is that nobody ever learns anything from history.

@GossiTheDog

schrotthaufen May 3

@distinctdipole @GossiTheDog They certainly did not study the Norsk Hydro playbook for dealing with high impact incidents.

0xC0DEC0DE07E9 May 3

@distinctdipole @GossiTheDog yes, they learn nothing.

Mark Shane Hayden May 3

@GossiTheDog "PR advisor" sounds like the *absolute last* person you should take advice from on any matters regarding infosec TBH

@GossiTheDog are they talking about Oracle? 😂

@GossiTheDog oh the thread loaded, I'm caught up

Arazil May 3

@GossiTheDog Sounds like a ransomware episode I dealt with last year... We were told to shut up, clean up, and pretend like it never happened.

Dave 🐶May 3

@GossiTheDog You'd think Dido Harding would know better by now...

Tom DB 🦣May 3

@GossiTheDog He should fire that PR advisor for not doing a proper job.

0xC0DEC0DE07E9 May 3

@GossiTheDog “a former chief executive at another firm and had to deal with a data breach” is an awkward way to say “overpaid jackass who was fired for his handling of a data breach”

Pongolyn May 3

@GossiTheDog the PR advisor probably believes they were told everything.

nyanbinary (goblin arc)May 2

@GossiTheDog ...that is a surprising amount of technical detail for a news report, I like