M&S boss confirms DragonForce behind cyber attack

Marks and Spencer chair Archie Norman has confirmed to a Parliamentary select committee that hacker group DragonForce was behind the cyber attack which forced the company to halt online orders and left customers with empty shelves.

Norman told MPs that he believed the group was motivated by “partly, undoubtedly, ransom or extortion” and that the hackers were seeking to “destroy M&S”.

The company has repeatedly declined to comment on whether it paid any ransom, which would likely have been in the millions, with Norman telling MPs the company would not “discuss the nature of the interaction with the threat actor”.

Norman admitted that M&S had “legacy systems” because of its age as a company but hit back at claims that its systems were vulnerable stating: “Just to be clear, there have been media reports that M&S left the back door open… that’s all Horlicks, the attacker only has to be lucky once.”

He also stated that the attacker gained access to the company’s systems through a “sophisticated impersonation”.

M&S is still reeling from the attack and not all of its systems are up and running again despite the company restarting online orders on a selection of fashion items across England, Scotland and Wales last month.

The firm stated that it expects a hit of around £300m on 2025/26 operating profit, before cost mitigation, insurance and trading actions.

MPs also heard from Co-op general secretary Dominic Kendal-Ward who revealed that the company “did not pay a ransom and did not contemplate or at any point discuss paying a ransom.”

In May Co-op shut down parts of its IT systems in response to hackers attempting to gain access to them. It stated at the time that the “proactive measures” it had taken to fend off the attack had had a “small impact” on its call centre and back office.