M&S CEO was sent ransom demand from hackers

A group of hackers that attacked M&S’ systems sent an email directly to the retail giant’s chief executive Stuart Machin to gloat and demand payment.

The message, seen by the BBC, was sent to Machin on 23 April from hacker group DragonForce using an account of a staff member.

It confirms for the first time that M&S had been hacked by the ransomware group.

“We have marched the ways from China all the way to the UK and have mercilessly raped your company and encrypted all the servers,” the hackers wrote in an email.

“The dragon wants to speak to you so please head over to [our darknet website].”

The message, which contained the n-word, was sent to Machin and seven other executives.

The group bragged about installing ransomware across the retailer’s IT system to render it useless and stealing the private data of millions of customers.

M&S first reported it had been hit by a cyber attack over the Easter bank holiday weekend. It confirmed almost three weeks later that customer data may have been stolen.

The email appears to have been sent using the account of a worker from the Indian IT giant Tata Consultancy Services (TCS) – which has provided IT services to M&S for over a decade.

The IT employee based in London has an M&S email address but is a paid TCS employee. It appears that he was hacked in the attack.

The firm, which is investigating whether it was a gateway for the cyber attack, told the publication that the message was not sent from its system and had nothing to do with the breach.

Click here to sign up to Retail Gazette‘s free daily email newsletter