How to Prevent the Next M&S Data Breach

Lionel Menchaca
We’ve been tracking the Marks & Spencer (M&S) hack since the company first confirmed it back in April. And while it’s still wreaking havoc on the retailer, Google’s threat team expects the hacking group responsible for the attack to turn their attention to retailers in the United States.
What we know about the M&S data breach
Scattered Spider (or UNC3944), a hacking group with members in the United States and the UK, is the group responsible for the initial breach. The attackers initially obtained password hashes from the Active Directory NTDS.dit file. Once they were inside the network, they resorted to social engineering tactics to elevate their access privileges. Some reports also show that members of Scattered Spider may have collaborated with members of DragonForce for the ransomware component of the attack.
Though M&S has not confirmed the volume of customer records that were stolen, it has confirmed that personal customer details, including order history, have been stolen. It’s worth noting they also confirmed that the information does not include usable payment details or account passwords. An analyst estimate pegs the cost of the attack at £43m per week for the retailer.
Data breaches like the M&S attack disrupt business
I got a chance to ask our Chief Data Strategy Officer Ronan Murphy about the M&S data breach. Here’s what he had to say:
Extortion-focused attacks like this one are extremely disruptive for retailers both in terms of data compliance and business operations. That is why we remain committed to helping retail customers all over the world to protect customer data and to prevent breaches from happening in the first place.
And speaking of Ronan, he recently shared more of his perspective on this topic in this interview with Claire Byrne.
Protecting data is always key
Just like many other retail attacks before it, the M&S hack highlights the importance of protecting data. For retailers and banks, that comes down to protecting customer Personally Identifiable Information (PII). At Forcepoint, our focus continues to be on providing visibility and control to protect your organization’s critical data.
That starts with tools like the threat protection that comes with Forcepoint Web Security. And we’ve designed dynamic tools like Data Discovery and Response (DDR) to prevent breaches and to work in parallel with our Data Security Posture Management (DSPM) to provide a comprehensive view of data, whether it’s at rest or in use.
Our Forcepoint Data Security Cloud platform unites all these tools and more with our award-winning DLP solution that allows policy management and enforcement across all channels your organization’s data flows through every day.
To learn more about how we can help your organization secure all your data, talk to an expert today.
As the Content Marketing and Technical Writing Specialist, Lionel leads Forcepoint's blogging efforts. He's responsible for the company's global editorial strategy and is part of a core team responsible for content strategy and execution on behalf of the company.
Before Forcepoint, Lionel founded and ran Dell's blogging and social media efforts for seven years. He has a degree from the University of Texas at Austin in Archaeological Studies.