Tyler Buchanan alleged as leader of Scattered Spider gang behind £20m UK retail cyberattacks

More on this

1. https://www.dailyrecord.co.uk/news/scottish-news/dangerous-hacking-gang-led-young-35219101 – Please view link – unable to able to access data
2. https://www.reuters.com/business/retail-consumer/uks-ms-says-customer-information-was-taken-cyber-attack-2025-05-13/ – Marks & Spencer (M&S) confirmed a cyber attack that compromised some customer personal data, though no usable payment information or passwords were taken. The attack, widely identified as a ransomware incident, has significantly disrupted M&S’s online operations, halting online orders since April 25. Despite the breach, M&S emphasized there is no evidence the stolen data has been shared and reassured customers that no action is required from them at this time. The company is working with cybersecurity experts, law enforcement, and government agencies to restore operations and secure its systems. ([reuters.com](https://www.reuters.com/business/retail-consumer/uks-ms-says-customer-information-was-taken-cyber-attack-2025-05-13/?utm_source=openai))
3. https://www.ft.com/content/55221f2d-00b3-4856-9158-dfdd0263bd0c – The article critiques the glamorization of cybercriminal groups like “Scattered Spider.” Despite recent disruptions to UK retailers such as Marks and Spencer, the Co-op, and Harrods speculated to be linked to this group, its actual methods rely more on basic social engineering tactics than advanced technical skills. These include phishing, SIM swapping, and exploiting weak verification processes to gain unauthorized access. The cybersecurity industry, aiming to market its products, often assigns dramatic names to such groups—Scattered Spider being coined by CrowdStrike—which helps sensationalize their impact and sells fear-based solutions. These names can unintentionally bolster the criminals’ status and recruitment appeal, especially among young offenders seeking prestige. The article argues for a shift away from inflated narratives toward a mature approach to cybersecurity, emphasizing early intervention, better detection, law enforcement training, and international cooperation. It stresses that addressing cybercrime effectively requires both reducing vulnerabilities and increasing the likelihood of prosecution for offenders. ([ft.com](https://www.ft.com/content/55221f2d-00b3-4856-9158-dfdd0263bd0c?utm_source=openai))
4. https://www.ft.com/content/190803d9-e646-4a58-8cd2-9a627cf40bb1 – UK retailers are facing significant cyber insurance premium increases, up to 10%, following high-profile cyber attacks on major chains such as Marks and Spencer (M&S), Harrods, and the Co-op. These attacks are prompting insurers to reassess cyber risk in the retail sector, which had enjoyed falling rates in 2023 and 2024. Experts warn cyber security scrutiny will intensify and some insurers may withdraw from the retail market. M&S may claim tens of millions of pounds for business interruption, after losing over £40 million in online sales during a lengthy system outage. The Co-op confirmed a data breach affecting numerous customers. The sector is particularly vulnerable due to large amounts of consumer data and outdated IT systems. Tesco acknowledged ongoing cyber threat preparedness in its annual report, citing crisis simulations involving ransomware. Insurance might cover not only ransomware payments but also costs associated with crisis response. However, insurers face challenges if attackers are linked to sanctioned entities. The UK’s cyber security agency has also issued warnings about attackers impersonating IT help desks in sophisticated social engineering scams. Brokers urge businesses to secure cyber insurance now before premiums rise further. ([ft.com](https://www.ft.com/content/190803d9-e646-4a58-8cd2-9a627cf40bb1?utm_source=openai))
5. https://moneyweek.com/personal-finance/marks-and-spencer-online-order-problems – Marks & Spencer (M&S) continues to face serious operational disruptions following a cyberattack that occurred over the Easter weekend. Online orders through its website, app, and phone have been suspended since April 25, with no confirmed restart date. The attack compromised some customer data, including names, contact information, and order histories, though no payment details or passwords were exposed. As a security measure, customers will be prompted to reset their passwords upon their next login. Services including Sparks loyalty offers have been paused, and in-store stock availability remains inconsistent, as illustrated by images of empty shelves shared by shoppers online. The cyberattack has severely impacted M&S financially, with an estimated £4 million a day in lost online sales and an 18% drop in share value, erasing over £1 billion in market capitalization. While some affected customers have been compensated with gift cards, broader investor confidence is shaken due to limited communication from M&S. The ransomware group “DragonForce” has claimed responsibility for the breach. Despite these challenges, M&S’s core food business and partnerships like Ocado remain unaffected, providing a silver lining during this crisis. The company is actively working to resolve the issue though no timeline has been confirmed. ([moneyweek.com](https://moneyweek.com/personal-finance/marks-and-spencer-online-order-problems?utm_source=openai))
6. https://www.ft.com/content/5444d2e4-e258-45d2-8ca9-7927e502e3b9 – Several major UK retailers, including Marks and Spencer (M&S), the Co-op, and Harrods, have recently been targeted by cyber attacks, highlighting the increasing vulnerability of the retail sector. M&S has faced significant operational disruptions and a £600 million drop in value due to these attacks. Investigations are ongoing, and experts suspect a common supplier or technology could link the incidents. Cybersecurity professionals suggest a potentially coordinated effort, possibly involving the group Scattered Spider, known for manipulating individuals to gain system access. The National Cyber Security Centre has expressed concern, urging businesses to treat cybersecurity seriously. Retailers are attractive targets due to their vast customer data, real-time operations, and reliance on legacy systems. Although some customer data was accessed, sensitive financial information reportedly remains secure. Cybersecurity apathy, especially among large UK retailers, has been noted in recent industry research. Experts warn that even without paying ransoms, attackers could profit by selling stolen data. The incidents serve as a stark reminder of the growing sophistication and impact of cybercrime on the retail landscape, with recovery potentially taking months. ([ft.com](https://www.ft.com/content/5444d2e4-e258-45d2-8ca9-7927e502e3b9?utm_source=openai))
7. https://www.reuters.com/business/retail-consumer/britain-warn-companies-cyber-security-must-be-absolute-priority-2025-05-02/ – The British government is set to urge all UK businesses to prioritize cyber security following recent cyberattacks on major retailers Marks & Spencer (M&S), the Co-op Group, and Harrods. Cabinet Office Minister Pat McFadden, in coordination with national security officials and Richard Horne, CEO of the National Cyber Security Centre, outlined governmental support for affected companies. At the upcoming CyberUK conference in Manchester, McFadden will stress the need for heightened cyber precautions, describing the attacks as a “wake-up call” and advocating for cyber security to be treated as an “absolute priority.” New measures, including the Cyber Security Bill, are being introduced to strengthen national defense. M&S experienced significant disruption on April 25 due to a suspected ransomware attack by the group “Scattered Spider,” which affected their online and contactless services. This incident follows a growing trend of cyberattacks causing extensive financial and operational damage across UK industries. ([reuters.com](https://www.reuters.com/business/retail-consumer/britain-warn-companies-cyber-security-must-be-absolute-priority-2025-05-02/?utm_source=openai))