company logo

Product

Our Product

We are Reshaping the way Developers find and fix vulnerabilities before they get exploited.

Solutions

By Industry

BFSI

Healthcare

Education

IT & Telecom

Government

By Role

CISO

Application Security Engineer

DevsecOps Engineer

IT Manager

Resources

Resource Library

Get actionable insight straight from our threat Intel lab to keep you informed about the ever-changing Threat landscape.

Subscribe to Our Weekly Threat Digest

Company

Contact Us

Have queries, feedback or prospects? Get in touch and we shall be with you shortly.

loading..
loading..
loading..
Loading...

Hacker

loading..
loading..
loading..

California Hacker Ryan S. Hernandez To be Imprisoned For Three Years

A computer hacker who stole information from Nintendo and was caught with child pornography on his computer.

05-Dec-2020
2 min read

No content available.

Related Articles

loading..

Healthcare

Yale New Haven Health data breach exposed the personal information of 5.5M patie...

Connecticut's largest healthcare system, Yale New Haven Health System (YNHHS), has reported a significant data breach affecting approximately 5.5 million patients. The cyberattack, which occurred in March 2025, allowed unauthorized access to sensitive patient information including personal identifiers and some healthcare-related data. While the organization has implemented mitigation measures and begun notifying affected individuals, the incident has already resulted in multiple class-action lawsuits. This breach represents one of the largest healthcare data compromises reported in 2025 and highlights the persistent cybersecurity challenges facing the healthcare sector. ## Timeline and Discovery of the Breach The security incident began on March 8, 2025, when YNHHS detected unusual activity affecting its information technology systems[1][4][14]. The organization immediately took steps to contain the incident, engaging external cybersecurity experts, including Mandiant, to assist with system restoration and forensic investigation. Federal law enforcement authorities were promptly notified about the breach. On March 11, 2025, YNHHS made its first public statement about the cybersecurity incident, acknowledging system disruptions but emphasizing that patient care operations remained unaffected[1]. Approximately one month later, on April 11, 2025, the healthcare system confirmed through its investigation that the incident was indeed a data breach, revealing that an unauthorized third party had gained network access and obtained copies of certain data. The data breach was formally reported to the U.S. Department of Health and Human Services Office for Civil Rights on April 11, 2025, with documentation confirming that 5,556,702 individuals were affected. Beginning April 14, 2025, YNHHS started mailing notification letters to affected patients whose information was involved in the breach. ## Scope of the Compromised Data The investigation revealed that the unauthorized third party accessed YNHHS's network and obtained copies of sensitive patient information[4]. The compromised data varied by individual but potentially included several categories of personally identifiable information and limited healthcare-related data. The types of data exposed in the breach include: - Full names - Dates of birth - Home addresses - Telephone numbers - Email addresses - Race/ethnicity information - Social Security numbers - Patient type classifications - Medical record numbers ImportSignificantly, YNHHS has clarified that specific categories of sensitive information were not compromised in the breach. The organization's statement emphasized that electronic medical records and treatment information were not accessed during the incident. Additionally, financial account details and payment information were also confirmed not to be part of the exposed data. ## YNHHS Response and Mitigation Efforts Yale New Haven Health System implemented a multi-faceted response to contain the breach and mitigate potential harm to affected individuals. Upon detecting the unauthorized activity, the organization immediately engaged cybersecurity firm Mandiant to assist with system restoration and conduct a thorough forensic investigation. The healthcare system also reported the incident to law enforcement authorities, who initiated an ongoing investigation. In accordance with federal regulations, YNHHS began sending notification letters to affected patients on April 14, 2025[1][4]. In a statement on its website, the organization noted: "YNHHS considers the health, safety, and privacy of patients our top priority. We are continuously updating and enhancing our systems to protect the data we maintain and to help prevent events such as this from occurring in the future". For patients whose Social Security numbers were exposed in the breach, YNHHS is offering complimentary credit monitoring and identity protection services. When contacted by media outlets, YNHHS Director of Public Relations Dana Marnane stated that the health system takes its "responsibility to safeguard patient information incredibly seriously"[10]. When pressed by TechCrunch about whether the incident was ransomware-related, Marnane did not dispute this characterization, noting that "the sophistication of the attack leads us to believe that it was executed by an individual or group who has a pattern of these types of incidents"[query]. ## Legal and Regulatory Implications The data breach has promptly triggered legal action, with at least eight federal lawsuits filed against YNHHS as of late April 2025[10]. These class-action complaints allege that the healthcare system failed to adequately protect patients' personally identifiable and health information, particularly sensitive data like Social Security numbers and medical record numbers. The lawsuits further claim that YNHHS delayed clearly notifying affected patients, potentially hindering their ability to take timely protective measures[10]. Plaintiffs are seeking various remedies, including financial damages, free lifetime identity protection services, and comprehensive improvements to the health system's cybersecurity practices[10]. One complaint specifically alleges that YNHHS failed to implement basic security protections such as file encryption, proper employee training on data security, and multi-factor authentication[10]. Another lawsuit claims that patients now face "a lifetime risk of identity theft due to the nature of the information lost, which they cannot change and which cannot be made private again"[10]. Some plaintiffs have reported experiencing an increase in spam calls and phishing attempts since the incident, suggesting that their information may already be circulating in illicit channels[10]. Law firm Levi & Korsinsky, investigating the breach, noted that it exemplifies insufficient data protections in a sector handling highly sensitive personal information[10]. ## Context of Healthcare Data Breaches The YNHHS breach occurs amid a concerning pattern of data security incidents within the healthcare sector. Just days before this breach was publicly confirmed, Blue Shield of California disclosed that it had inadvertently exposed protected health information of 4.7 million members to Google's analytics and advertisement platforms between April 2021 and January 2024[8][11]. Unlike the apparent malicious attack on YNHHS, the Blue Shield incident resulted from a misconfiguration of Google Analytics that allowed sensitive data to be shared with Google Ads[8]. Earlier in 2025, UK healthcare provider HCRG Care Group confirmed it was investigating a cybersecurity incident after the Medusa ransomware group claimed to have stolen more than two terabytes of sensitive data from the company[3]. In that case, the ransomware group threatened to publish the allegedly stolen data unless HCRG paid a $2 million ransom demand[3]. The healthcare sector remains particularly vulnerable to cyberattacks due to the high value of medical data on illicit markets and the critical nature of healthcare operations that creates pressure to resolve disruptions quickly. According to cybersecurity experts, about 83% of organizations admit to paying hackers following a ransomware attack, with more than half paying at least $100,000[7]. However, paying ransoms carries significant risks-80% of ransomware victims who paid were subsequently targeted again, often with higher ransom demands[7]. As of the reporting date, no major ransomware group has publicly claimed responsibility for the YNHHS attack[1]. However, the spokesperson's comments about the "sophistication of the attack" and reference to attackers with "a pattern of these types of incidents" suggest potential ransomware involvement, though the healthcare provider has declined to confirm whether it received any ransom demands[query]. ## Conclusion The Yale New Haven Health System data breach represents one of the most significant healthcare security incidents of 2025, affecting approximately 5.5 million patients. While the organization acted quickly to contain the breach and has begun offering protective services to those with exposed Social Security numbers, the incident has already generated multiple lawsuits and raised serious questions about data security practices within the healthcare sector. For affected individuals, the breach creates potential long-term risks of identity theft and fraud, particularly concerning given the sensitive nature of the exposed information. Patients whose data was compromised should carefully monitor their credit reports and financial accounts for suspicious activity, consider accepting the offered credit monitoring services, and remain vigilant against potential phishing attempts that might leverage the stolen information. The incident underscores the persistent and evolving cybersecurity challenges facing healthcare organizations, which must balance operational demands with the need to protect vast amounts of sensitive patient information. As investigations continue and legal proceedings advance, this breach will likely influence healthcare security practices and potentially shape regulatory approaches to data protection in the healthcare sector. Citations: [1] https://www.bleepingcomputer.com/news/security/yale-new-haven-health-data-breach-affects-55-million-patients/ [2] https://www.govinfosecurity.com/yale-new-haven-health-notifying-55-million-march-hack-a-28081 [3] https://techcrunch.com/2025/02/20/uk-healthcare-giant-hcrg-confirms-hack-after-ransomware-gang-claims-theft-of-sensitive-data/ [4] https://www.pymnts.com/cybersecurity/2025/yale-new-haven-health-system-reports-data-breach-affecting-5-5-million-patients/ [5] https://www.techtarget.com/healthtechsecurity/news/366623025/Yale-New-Haven-Health-notifies-nearly-56M-people-of-breach [6] https://www.hartfordbusiness.com/article/federal-judge-oks-1m-settlement-in-ynhh-retirement-fee-lawsuit [7] https://techcrunch.com/2023/10/31/ransomware-victims-paying-hackers-ransom/ [8] https://www.bleepingcomputer.com/news/security/blue-shield-of-california-leaked-health-data-of-47-million-members-to-google/ [9] https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf [10] https://yaledailynews.com/blog/2025/04/25/patients-sue-ynhh-after-cyberattack-compromises-health-data/ [11] https://techcrunch.com/2025/04/25/data-breach-at-connecticut-yale-new-haven-health-affects-over-5-million/ [12] https://yaledailynews.com/blog/2025/02/12/ynhh-systematically-underpaid-employees-lawsuit-alleges/ [13] https://www.hhs.gov/sites/default/files/new-haven-resolution-agreement-corrective-action-plan.pdf [14] https://www.ynhhs.org/legal-notices [15] https://aspe.hhs.gov/sites/default/files/private/pdf/77196/rpt_Disclosure.pdf [16] https://www.ynhhs.org/policies [17] https://www.techmonitor.ai/technology/cybersecurity/ynhhs-cyberattack-data-5-5-million-patients [18] https://patch.com/connecticut/across-ct/details-emerge-number-patients-impacted-yale-data-breach [19] https://www.digitalhealthnews.com/yale-new-haven-health-breach-exposes-data-of-5-5-mn-patients [20] https://www.ynhhs.org/policies [21] https://yaledailynews.com/blog/2023/10/13/following-cyberattack-yale-new-haven-health-asks-for-state-aid-lowered-price-to-aquire-connecticut-hospitals/ [22] https://www.bankinfosecurity.com/yale-new-haven-health-notifying-55-million-march-hack-a-28081 [23] https://ssojet.com/blog/yale-new-haven-health-data-breach-impacts-over-55-million-patients/ [24] https://www.ynhhs.org/news/yale-new-haven-health-notifies-patients-of-data-security-incident [25] https://yalehealth.yale.edu/nondiscrimination-notice [26] https://ctmirror.org/2024/01/04/ct-welltok-data-breach-ynhh/ [27] https://www.securityweek.com/5-5-million-patients-affected-by-data-breach-at-yale-new-haven-health/ [28] https://lifehacker.com/tech/yale-new-haven-health-data-breach [29] https://www.ctpost.com/business/article/yale-new-haven-health-data-breach-20292710.php [30] https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf [31] https://www.hipaajournal.com/yale-new-haven-health-system-data-breach/ [32] https://www.malwarebytes.com/blog/news/2025/04/4-7-million-customers-data-accidentally-leaked-to-google-by-blue-shield-of-california [33] https://www.ynhhs.org [34] https://news.bloomberglaw.com/daily-labor-report/yale-new-haven-health-system-hit-with-wages-hours-class-action?context=search&index=7 [35] https://www.beckershospitalreview.com/cybersecurity/yale-new-haven-seeks-price-reduction-in-hospital-acquisition-amidst-cyberattack-fallout.html [36] https://www.techtarget.com/healthtechsecurity/news/366623133/Blue-Shield-of-California-Data-of-millions-shared-with-Google [37] https://www.ynhh.org/patients-visitors/patient-rights-responsibilities [38] https://yaledailynews.com/blog/2025/04/25/patients-sue-ynhh-after-cyberattack-compromises-health-data/ [39] https://techcrunch.com/2025/04/25/data-breach-at-connecticut-yale-new-haven-health-affects-over-5-million/ [40] https://www.securityweek.com/blue-shield-of-california-data-breach-impacts-4-7-million-people/ [41] https://aspe.hhs.gov/reports/records-computers-rights-citizens [42] https://www.nbcconnecticut.com/news/local/yale-new-haven-health-investigating-cybersecurity-incident-affecting-it-services/3517226/ [43] https://www.ctinsider.com/business/article/yale-new-haven-health-data-breach-20292710.php [44] https://www.hartfordbusiness.com/article/yale-new-haven-health-faces-lawsuits-over-data-breach-health-system-discloses-more-details [45] https://www.bleepingcomputer.com/news/security/yale-new-haven-health-data-breach-affects-55-million-patients/ [46] https://medicalbuyer.co.in/ynhhs-pmh-locked-in-legal-battle-over-435m-hospital-deal/ [47] https://www.lmhospital.org/news/yale-new-haven-health-notifies-patients-of-data-security-incident [48] https://www.tradingview.com/news/reuters.com,2025-04-17:newsml_GNXc7h6Z4:0-lynch-carpenter-investigates-claims-in-yale-new-haven-health-systems-data-breach/ [49] https://techcrunch.com/2025/02/20/uk-healthcare-giant-hcrg-confirms-hack-after-ransomware-gang-claims-theft-of-sensitive-data/ [50] https://www.hhs.gov/sites/default/files/fy-2018-foia-log.xlsx [51] https://www.pymnts.com/cybersecurity/2025/yale-new-haven-health-system-reports-data-breach-affecting-5-5-million-patients/ --- Answer from Perplexity: pplx.ai/share

loading..   26-Apr-2025
loading..   11 min read
loading..

Zero Day

Watering Hole

We have been tracking the latest attack campaign by the Lazarus group since last...

Lazarus Group‚ North Korea's most notorious hacking collective, has breached at least six major South Korean corporations using never-before-seen vulnerabilities in mandatory security software. Dubbed **Operation SyncHole*, the campaign exploited weaknesses in tools required for online banking and government services, marking one of the most sophisticated supply-chain attacks in recent memory. --- ## Cyber Espionage Campaign Targets Critical Industries The Lazarus Group, sanctioned by the UN for funding Pyongyang‚Äôs weapons programs, infiltrated organizations across software development, semiconductor manufacturing, telecommunications, and finance between November 2024 and February 2025. Kaspersky researchers revealed that the attackers weaponized *Cross EX* and *Innorix Agent*‚Äîtwo programs mandated by South Korean law for secure web transactions‚to hijack systems and steal sensitive data[^1]. Victims included unnamed Fortune 500 semiconductor firms and IT giants central to South Korea‚Äôs tech-dominated economy. While six companies are confirmed compromised, analysts warn the true scale is likely far greater. ‚ÄúThese tools are installed on millions of devices,‚Äù said Sojun Ryu, a Kaspersky researcher. ‚ÄúEvery user who updated their software was a potential target[^1].‚Äù --- ### Watering Hole Attacks The operation began with a **brazen manipulation of South Korean media**. Hackers compromised legitimate news websites, embedding code that redirected specific visitors to fake software download portals. One such site, *smartmanagerex[.]com*, mimicked the official Cross EX vendor, tricking users into triggering exploits[^1]. ‚ÄúImagine reading the morning news and unknowingly downloading malware,‚Äù explained a KrCERT spokesperson. ‚ÄúThe Lazarus Group profiled visitors like predators at a watering hole, striking only high-value targets[^1].‚Äù --- ### Zero-Day Exploits: The Invisible Keys to South Korea‚Äôs Networks At the campaign‚Äôs core lay two critical vulnerabilities: 1. **Cross EX Privilege Escalation**: A flaw in the widely used browser plugin allowed hackers to execute malicious code with system-level access. Researchers confirmed identical attack patterns across all victims, suggesting a single exploit chain[^1]. 2. **Innorix Agent Arbitrary File Download**: A patched but previously unknown vulnerability (KVE-2025-0014) let attackers move laterally through corporate networks, deploying backdoors on internal devices[^1]. The Lazarus Group even developed a custom tool, *Innorix Abuser*, to automate victim profiling and payload delivery. ‚ÄúThis wasn‚Äôt a smash-and-grab‚Äîit was a surgical strike,‚Äù noted Ryu. ‚ÄúThey understood South Korea‚Äôs digital infrastructure better than many local firms[^1].‚Äù --- ## Spy Tools Borrowed from Cybercrime‚Äôs Darkest Corners Operation SyncHole showcased Lazarus‚Äô rapidly evolving toolkit, blending legacy malware with cutting-edge tradecraft: ### ThreatNeedle 2.0: The Spy That Never Sleeps An upgraded version of Lazarus‚Äô signature backdoor used **Curve25519 elliptic-curve encryption** to secure communications. The malware‚Äôs ‚ÄúCore‚Äù component supported 37 commands, enabling real-time file theft, screen capture, and persistence via compromised Windows services[^1]. ### wAgent‚Äôs Crypto Twist Masquerading as *liblzma.dll*, this revamped malware employed the **GNU GMP library** for RSA encryption‚Äîa first for Lazarus. It communicated via HTTP requests disguised as routine browser traffic, complete with decoy cookies like `__Host-next-auth-token[^1]`. ### SIGNBT and COPPERHEDGE: The Cleanup Crew Later attack phases shifted to **SIGNBT 1.2** and **COPPERHEDGE**, tools optimized for evading detection. COPPERHEDGE hid configuration files in Alternate Data Streams (ADS), while SIGNBT used RSA-encrypted AES keys to cloak exfiltrated data[^1]. --- ## How Researchers Unraveled the Plot The breakthrough came from analyzing command timestamps. ‚ÄúMalware executions clustered between GMT 00:00‚Äì09:00‚ÄîPyongyang‚Äôs business hours,‚Äù revealed Ryu. This temporal footprint, paired with historic Lazarus tactics, cemented North Korean attribution[^1]. A critical error also exposed the hackers: **misused Windows commands**. ‚ÄúThey tried killing processes with `/im` instead of PID numbers,‚Äù chuckled a researcher. ‚ÄúEven elite spies get sloppy[^1].‚Äù --- ## Fallout and Future Threats While patches for Cross EX and Innorix Agent are now available, experts warn the Lazarus Group retains stolen source code. ‚ÄúMore zero-days are inevitable,‚Äù cautioned a KrCERT advisory. South Korea‚Äôs National Cyber Security Center has urged corporations to: - Audit all software dependencies - Monitor for anomalous SyncHost.exe activity - Deploy behavior-based threat detection This detects related malware as `Trojan.Win64.Lazarus` and `MEM:Trojan.Win32.SEPEH.gen`, but the Lazarus Group‚Äôs shift toward **lightweight, modular tools** poses an ongoing challenge. As Ryu grimly notes, ‚ÄúToday‚Äôs fix is tomorrow‚Äôs exploit. This war has no end[^1].‚Äù

loading..   25-Apr-2025
loading..   4 min read
loading..

Cyberattack

Marks & Spencer suffers a cyberattack disrupting Click & Collect and contactless...

British retail giant Marks \& Spencer (M\&S) has confirmed it is managing a cyberattack that has disrupted several key customer services, including its Click and Collect system and contactless payment capabilities. The incident, disclosed on April 22, 2025, has forced the company to implement temporary operational changes while it works with external cybersecurity experts to investigate and resolve the situation. ## Cyber Incident and Its Immediate Impact M\&S revealed that it has been managing a cyber incident for several days, prompting the company to make what it described as "minor, temporary changes" to its store operations[^1][^2]. The cyber incident has primarily affected the retailer's Click and Collect system, causing delays for customers awaiting online orders[^1]. Customers have been advised to wait for confirmation emails before visiting stores for pickups[^9]. Beyond Click and Collect disruptions, the attack has also impacted: - Contactless payment systems in multiple stores[^2][^3][^10] - Gift card and voucher functionality, with some customers reporting inability to use these payment methods[^2][^10] - In-store refund processing capabilities[^2] Despite these disruptions, M\&S has emphasized that all physical stores remain open and that its website and mobile app continue to operate normally[^1][^5][^6]. The company has not disclosed specific details regarding the nature of the cyberattack or whether customer data has been compromised[^1][^3]. ### Timeline of Events The cyber incident appears to have begun during the Easter Bank Holiday weekend, with customer complaints appearing on social media platforms as early as Saturday, April 19, 2025[^3][^11]. The timing is particularly significant as Easter represents the second busiest trading period for retailers after Christmas[^10], potentially maximizing the impact on both M\&S operations and customer experience. M\&S officially confirmed the incident on Tuesday, April 22, 2025, through a statement to the London Stock Exchange and direct communications to customers[^5][^7]. As of April 23, 2025, the company was still working to resolve the issues[^1][^6]. ## M\&S Response and Crisis Management Upon discovering the cyber incident, M\&S implemented a multi-faceted response strategy focusing on containment, investigation, and customer communication. ### Technical and Operational Response M\&S has engaged external cybersecurity experts to assist with investigating and managing the incident[^1][^6][^9]. The company stated it is "taking actions to further protect our network and ensure we can continue to maintain customer service"[^7][^9]. These actions include reinforcing network security while working to restore affected services[^1]. As required by regulations, M\&S has reported the incident to: - The National Cyber Security Centre (NCSC)[^2][^5][^7] - Relevant data protection supervisory authorities, including the Information Commissioner's Office (ICO)[^2][^5][^7] ### Customer Communication M\&S Chief Executive Stuart Machin issued a statement apologizing for the inconvenience caused to customers[^2][^10]. The company has emphasized that "customer trust is incredibly important" and promised to provide updates if the situation changes[^5][^7]. William Dixon, a Senior Associate Fellow for Cyber and International Security at the Royal United Services Institute (RUSI), praised M\&S's customer communications about the incident as "textbook," highlighting the empathy, transparency, and reassurance provided in their messaging[^2]. ## Potential Nature and Motivations Behind the Attack While M\&S has not confirmed the specific type of cyberattack, cybersecurity experts have offered several insights based on the pattern of disruption. ### Ransomware Speculation The disruption to payments and online services suggests a possible ransomware attack[^3][^9]. If ransomware is indeed behind this attack, data may have been stolen to be used as leverage to convince the company to pay a ransom[^9]. As of April 23, 2025, no ransomware group or threat actor had claimed responsibility for the attack[^1][^9]. Cybersecurity analysts suggest that if ransomware is involved, attackers may attempt to pressure M\&S privately before making any public statements or demands[^1]. This aligns with typical ransomware tactics where stolen data is often used as leverage to extract payments from victims[^1]. ### Strategic Timing The timing of the attack during the Easter Bank Holiday weekend appears strategic. Ian McShane, a security expert at cybersecurity firm Arctic Wolf, noted that the challenges faced by M\&S demonstrate that "cyber attackers never take a day off"[^10]. He explained that "criminals are always seeking to create the most disruption with the least effort," and targeting a major retailer during a busy holiday shopping period maximizes impact[^10][^11]. ## Broader Context and Industry Implications The M\&S cyber incident is not occurring in isolation but rather as part of a concerning trend affecting major organizations in the UK and globally. ### Retail Sector Vulnerability The retail sector remains a prime target for cybercriminals for several reasons: - High public brand awareness that criminals can leverage for notoriety[^11] - Seasonal nature of the business, allowing attackers to time their strikes during critical sales periods to maximize pressure[^11] - Increasing adoption of omnichannel approaches and new technologies that expand the attack surface[^11][^3] According to reports, the consumer cyclicals and non-cyclicals sectors, which encompass retailers, were among the top five most targeted verticals by ransomware gangs in early 2024[^11]. ### Recent Precedents This incident adds to a growing list of similar cyberattacks affecting major UK organizations: - Transport for London was forced to shut down numerous online services following a cyberattack in September 2024[^3] - WH Smith was targeted in 2023, resulting in illegal access to company data, including personal details of current and former staff[^3] - Morrisons encountered significant issues with Christmas orders in late 2024[^10] A 2022 government report revealed that 39% of UK businesses reported cybersecurity breaches or attacks in a 12-month period, highlighting the widespread nature of the threat[^3][^8]. ## Expert Analysis and Recommendations Cybersecurity experts have provided several insights regarding the M\&S incident and its implications for organizational security practices. James Hadley, Founder and CIO at cybersecurity training firm Immersive, noted: "While M\&S communicated the issue clearly and has likely invoked tried and tested incident response processes, attacks like these serve as important reminders that businesses' perception of their cyber resilience may not align with their actual capabilities"[^2]. Jamie Moles, Senior Technical Manager at ExtraHop, emphasized the importance of early detection: "Incidents like this demonstrate how essential it is to have real-time visibility, threat detection and rapid response capabilities across all digital infrastructure. Network visibility can play a pivotal role, helping organizations detect anomalies early, isolate potential threats and maintain service continuity"[^2]. Daniel Card from Chartered for ITBCS remarked that the M\&S incident serves as a "reminder the gap often exists between our perception of cyber resilience and the reality"[^10]. He noted that even well-equipped organizations are not immune to attacks. ## Business Impact and Future Outlook The cyberattack comes at a critical time for M\&S, with its financial year having ended on March 29, 2025, and full-year results scheduled to be announced on May 21, 2025[^6][^15]. Stakeholders will be watching closely to see if the incident has any material impact on performance or customer confidence[^6]. The company's proactive engagement with authorities and cybersecurity experts signals a robust approach to crisis management, aiming to restore full confidence among its customers and investors[^6]. This incident will likely serve as an important test of M\&S's cyber resilience and crisis management capabilities.

loading..   24-Apr-2025
loading..   7 min read