Loading replies...
×
Show threadKevin BeaumontMay 10
DragonForce Ransomware Cartel’s portal is back online after a multi week outage. No sign of M&S or Co-op’s data.
Show threadKevin BeaumontMay 12
All M&S recruitment is still stopped, 19 days in. https://jobs.marksandspencer.com/
Show threadKevin BeaumontMay 12
I think Co-op may have stopped recruitment too, they’re a big employer so usually have hundreds of open positions - currently they have 17, and most close today and the rest in a few days.
Show threadKevin BeaumontMay 12
The Record quotes a Co-op worker as saying they are operating at well below 20% of their normal capacity in depots. https://therecord.media/co-op-cyberattack-uk-company-fears-hackers-still-in-system
Fears 'hackers still in the system' leave Co-op shelves running empty across UK

U.K. retailer the Co-op is still having trouble with keeping grocery shelves stocked as it continues to respond to an attempted cyberattack that forced it to shut down some systems two weeks ago.

Show threadKevin BeaumontMay 12
Allianz supplies Marks and Spencer's cyber insurance, and will apparently suffer a full tower loss (i.e. it's going to be expensive) https://www.insuranceinsider.com/article/2esiwg4yv6p38pcf2pgxs/lines-of-business/cyber/allianz-leads-cyber-cover-for-m-s-ransomware-attack
Allianz leads cyber cover for M&S ransomware attack

The Willis-brokered coverage also includes the Willis CyXS facility.

Insurance Insider
Show threadKevin BeaumontMay 12
People in Machynlleth are apparently turning up at local farms in search of food due to lack of produce at Co-op https://www.cambrian-news.co.uk/news/cyber-attack-people-turning-up-at-farms-as-machynlleth-co-op-shelves-remain-bare-792434
Cyber attack: People 'turning up at farms' as Machynlleth Co-op shelves remain bare

A cyber-attack has left Machynlleth’s only supermarket with empty shelves, with some residents ‘turning up at farms’ in an attempt to find fresh produce.

cambrian-news.co.uk
Show threadKevin BeaumontMay 12
Co-op stores in Sheffield, Badenoch, Dunfermline and many other places are apparently running out of produce - it's not possible to keep up with the local media reports but they're basically bored reporters get sent out to photograph half empty fridges.
Show threadKevin BeaumontMay 12

This ITV News report linking the Co-op and M&S breaches to SIM swapping is not accurate, no source given. https://www.itv.com/news/2025-05-12/sim-swap-fraud-rises-by-1000-as-criminals-exploit-two-factor-authentication

They also have a report today saying Co-op stores are restocked, which is also not accurate - that one is sourced from Co-op, but obviously doesn’t stack up to looking in Co-op stores.

Show threadKevin BeaumontMay 12

If anybody is wondering, all of Marks and Spencer's Palo-Alto GlobalProtect VPN boxes are still offline, 3 weeks later. Pretty good containment method to keep attackers out.

Co-op's VDE environment is still down, too.
https://cyberplace.social/@GossiTheDog/114399017367179104

Kevin Beaumont (@GossiTheDog@cyberplace.social)

Attached: 1 image M&S use Palo-Alto GlobalProtect for VPN, they took all the endpoints offline days ago (usually first stage containment for ransomware/extortion groups).

Cyberplace
Show threadKevin BeaumontMay 13
M&S confirm my toot from 3 days ago that a significant amount of customer and staff data was stolen. They’ve known for weeks but opted not to tell anybody. https://www.bbc.com/news/articles/c62v34zv828o
M&S says personal customer data stolen in recent cyber attack

The retail giant is still not taking online orders following a cyber attack three weeks ago.

Show threadKevin BeaumontMay 13
Re the Co-op Group breach, Co-op say home addresses of customers were exfiltrated (it was the membership database). This one dates back to my May 2nd toot upthread re home addresses - at the time, they didn't specify home addresses.
Show threadKevin BeaumontMay 13
Co-op Group have 5 open jobs left, with nothing posted for 11 days.
Show threadKevin BeaumontMay 13

Co-op's AGM is this weekend, and M&S yearly results and investor contact are next week.

Gonna be awkward for different reasons, e.g. Co-op is member (customer) owned, so the people's data Co-op had stolen are effectively the shareholders and are invited.

Show threadKevin BeaumontMay 13
The Channel Islands Coop, which is different to Co-op Group, has been able to restock shelves by moving away from Co-op Group for supply distribution and moving to local suppliers. https://www.bbc.co.uk/news/articles/c3d4xvg3x1do
CI Coop secures local supplies amid stock shortages

The supermarket expects "steady improvements each day", after a cyber attack leads to empty shelves.

BBC News
Show threadKevin BeaumontMay 13

The Grocer reports Nisa and Costcutter are running out of fruit & veg, fresh meat and poultry, dairy products, chilled ready meals, snacks and desserts.

Nisa and Costcutter are supplied by Co-op Wholesale, which is dependent on Co-op Group.

“It’s really poor. I feel bad for them but what makes it worse is their hush-hush mentality about it. There’s no proper level of communication and we get random updates.”

Co-op Wholesale claim there are no problems. https://www.thegrocer.co.uk/news/nisa-and-costcutter-hit-by-stock-shortages-amid-co-op-cyberattack/704393.article

Nisa and Costcutter hit by stock shortages amid Co-op cyberattack

In communications sent to retailers, the symbol groups listed products that were either 'temporarily unavailable' or 'out of stock' as a result of supplier issues

The Grocer
Show threadKevin BeaumontMay 13
A look at supplies in stores today, after Co-op told ITV yesterday that stores were restocked 😅
Show threadKevin BeaumontMay 13
And a video
Show threadKevin BeaumontMay 13

Co-op Group have told their suppliers that "systemic-based orders will resume for ambient, fresh, and frozen products commencing Wednesday 14 May". They say forecasting system will still be impacted.

https://www.thegrocer.co.uk/news/co-op-to-get-systems-back-on-track-after-cyberattack/704425.article

Co-op to get systems back on track after cyberattack

As the Co-op turns orders back online, it has warned suppliers that it is unable to provide 'accurate product forecasting ahead of Wednesday's orders'

The Grocer
Show threadKevin BeaumontMay 13
Harrods say they are not asking customers to do anything differently at this point.
Show threadKevin BeaumontMay 14
Financial Times report Marks and Spencer expect to claim £100m on their cyber insurance, the maximum allowed, suggesting losses probably more. https://www.ft.com/content/723b6195-1ce7-4b5f-94f5-729e9152c578
M&S cyber insurance payout to be worth up to £100mn

UK retailer to file big claim as it admits for first time that some customer data was stolen in recent hack

Financial Times
Show threadKevin BeaumontMay 14

Co-op Group say they have exited containment and begun recovery phase https://www.theguardian.com/business/2025/may/14/co-op-cyber-attack-stock-availability-in-stores-will-not-improve-until-weekend

Marks and Spencer are still in containment

If you want figures for your board to set expectations in big game ransomware incidents, Co-op containment just over 2 weeks, M&S just over 3 weeks so far - recovery comes after.

In terms of external assistance, Co-op have Microsoft Incident Response (DART), KPMG and crisis comms. M&S have CrowdStrike, Microsoft, Fenix and crisis comms.

Co-op cyber-attack: stock availability in stores ‘will not improve until weekend’

Group in ‘recovery phase’ and working closely with suppliers after customers complain of empty shelves

The Guardian
Show threadDr. Christopher KunzMay 13
@GossiTheDog I will henceforth not do anything differntly and therefore continue not to be a Harrods customer.
Show threadIvor HewittMay 13
@GossiTheDog exactly... They should be talking to the butler.
Show threadDave 🐶May 13
@GossiTheDog Forecasting system [right now] === manual stock checks and supply chain staff guessing on spreadsheets where to send things
Show threadlambtorMay 13
@GossiTheDog title sounds like a bad rap line.
Show threadthanneMay 13
@GossiTheDog “Ambient”?
Show threadRob\Viewdata UKMay 13
@thanne @GossiTheDog
Ambient is shop-speak for stuff that is kept at room temperature. So biscuits, tea and coffee, tinned stuff, etc.
Show threadthanneMay 14
@robert @GossiTheDog Interesting, thanks!
Show threadlp0 on fire May 13

@GossiTheDog, TP;DR.

(Too portrait; didn't watch.)

Show threadCabbageBeetsMay 13
@GossiTheDog supplies, supplies...
Show threadDave 🐶May 13
@GossiTheDog All six of the islanders must be happy.
Show threadPhilMay 13
@GossiTheDog Wouldn't be surprised if customers demanded to keep local goods if restock is available again
Show threadJohn Francis 🦫🇨🇦🍁💪⬆️May 13

@GossiTheDog the thieves could probably show up at the AGM and present themselves as a member, since they have access to all the information the Co-Op has on it's membership...number, address, etc.

Short of checking govt. ID or requiring a hard copy of the meeting invite that was mailed to their address. Even then, the thieves might've gotten away with that too.

Show threadRob\Viewdata UKMay 13

@johnefrancis @GossiTheDog
Members who wanted to attend were supposed to indicate this on the agm voting form, which closed midday yesterday. I might have tried, but forgot to go back to it until too late..

I've not had any emails from coop about this, despite being a member. Nor from M&S, though I'm only registered on their app. (I can also continue to ignore Harrods, never having used them!)

Show threadRob\Viewdata UKMay 13
@johnefrancis @GossiTheDog
And 45 mins later I get an email from M&S. Nice of them to reassure us that none of the stuff I can change, like bank cards, was stolen. Only the things I can't change, like date of birth.
Show threadJohn Francis 🦫🇨🇦🍁💪⬆️May 13
@robert @GossiTheDog so inconvenient to dig up Mom's remains and rebirth myself
Show threadHywel MallettMay 13
@GossiTheDog And none of those jobs is CISO! 🤣(yet)
Show threadDave 🐶May 13
@GossiTheDog I wonder if the M&S and Co-op PR departments are constantly waiting for the other to announce something so that they themselves can push out an announcement and hope theirs goes under the radar?
Show threadEveryday.Human DerekMay 13
@GossiTheDog Oh no, which was this Kevin?
Show threadgreemMay 13
@GossiTheDog I've just had an email from M&S. It's a sort-of-nothing-really email.
Show threadgreemMay 13

@GossiTheDog Incident response specialists the world over wince into their keyboards.

This is another object lesson in how not to do it. It'll be taught to students in future.

Show threadGary Parker May 13
@greem @GossiTheDog meanwhile, Co-Op are still sending me emails apologising for the lack of products on shelves, with no almost no mention of data loss/appropriation
Show threadDarran LofthouseMay 13
@GossiTheDog Makes me wonder if this is where my credit card number leaked from a few weeks back.
Show threadAndy HerdMay 13

@GossiTheDog I can only hope this data breach is the kick up the arse needed to abolish the common practice of using date of birth as an (immutable!) security password. Once it’s public knowledge it’s beyond useless… it’s a liability. Especially in banks.

I will not be holding my breath on this one.

Show threadAlexander DyasMay 13

@GossiTheDog

"Importantly, there is no evidence that the information has been shared," he added.

That's fine then, because that will never happen.

Show threadMike SpoonerMay 13
@GossiTheDog Today they apparently emailed all customers that have ever purchased items from their online store. I received two such emails, an apologetic one from Stuart (CEO), and a slightly more explanatory one from Jayne Wall (Customer Services).
Show threadshoaibusman88May 13
@GossiTheDog Hey Kevin, How can we connect on message?
Show threadDr. David McBride (dwm)May 13
@GossiTheDog This is a remarkably shit email.
Show threadNeil BrutalistMay 16
@GossiTheDog when I temped at M&S I had to find some documents in the microfiche archive. Even better way to keep attackers out.
Show threadDavid Penfold May 12
@GossiTheDog
It would end not with a bang but with a hamper.
Show threadDave 🐶May 12
@GossiTheDog [Random villager running off with a pig under their arm] "I've always been an advocate for 'Direct Farm to Fork'"
Show threadSimon ZerafaMay 12

@GossiTheDog

To be fair a lot of small producers do have farm shops, not just Jeremy flippin' Clarkson 😆🤷‍♂️

Show threadraspberryswirlMay 12
@GossiTheDog its prob fraud, why you need an cyber insurance? to increase the manager bonuses, with the salaries of the workers ... it must be fraud
Show threadw00pMay 12
@GossiTheDog 
Show threadDave 🐶May 10
@GossiTheDog Did someone take their portal down, saying that they shouldn't "do crime"?
Show threadd4rkshell May 11
@Cyberoutsider that was the LockBit portal.
Show threadRiley S. FaelanMay 10
@GossiTheDog Perhaps they were on vacation.
Show threadJulia RezMay 10

@GossiTheDog

(treasonable talk about why can't these people fuck up a newspaper or two?)