Recommended reading

M&S CEO directly targeted by hackers demanding ransom payout

News
By published

M&S CEO Stuart Machin was sent threatening communications by the gang

Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
(Image credit: Shutterstock)
  • Marks and Spencer CEO received communication from a ransom gang
  • This follows a devastating attack earlier in 2025
  • The email confirms a link between the M&S and Co-op attacks

Marks and Spencer was amongst the British retailers that suffered devastating cyberattacks earlier in 2025, with services and stores facing disruption, as well as online orders being suspended.

In the midst of all this, reports from the BBC claim company CEO Stuart Machin was personally sent emails by the attackers goading him and inviting him to begin negotiating the ransom fee.

"We have marched the ways from China all the way to the UK and have mercilessly raped your company and encrypted all the servers," the hackers wrote. "The dragon wants to speak to you so please head over to [our darknet website]."

Save up to 68% on identity theft protection for TechRadar readers!

Save up to 68% on identity theft protection for TechRadar readers!

TechRadar editors praise Aura's upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal.

Preferred partner (What does this mean?)

View Deal

“Let's get the party started”

The group, who call themselves “DragonForce” also claimed responsibility for the Co-op attack, which came around a similar time - making this email the first official link between the two incidents.

Little is known so far about the group themselves, but the emails confirm this was a ransomware attack, something that M&S have so far refused to comment on.

It was sent through a London-based Tata Consultancy Services (TCS) employee, and it appears as though this employee was also hacked as part of the wider attack - and the Indian IT service is investigating whether it was the origin for the M&S cyberattack.

The email indicated a knowledge of the firm’s cyber insurance, taunting the firm; "we know we can both help each other handsomely : ))". The email also contained a link to begin ransom negotiations; "let's get the party started. Message us, we will make this fast and easy for us."

We reached out to Marks and Spencer for comment, which it declined, offering the following;

“We cannot comment on details of or speculation on the cyber incident, and we have been advised not to.”

You might also like

Ellen Jennings-Trace
Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.