Major Cyber Attack Hits Marks & Spencer Amid Rising Breaches
On April 20, 2025, Marks & Spencer, a leading UK retail giant, was hit by a massive cyber attack that resulted in the suspension of its online shopping and delivery services. This breach has raised serious concerns regarding the cybersecurity measures employed by major retailers, particularly as the threat landscape continues to evolve. The attack on Marks & Spencer coincides with alarming data breaches reported by Yale New Haven Health, which compromised 5.5 million patient records, and Hertz, affecting over a million customers. Vulnerabilities such as CVE-2025-31324 in SAP NetWeaver and CVE-2025-3935 in ConnectWise further underscore the precarious state of cybersecurity. As sophisticated attacks proliferate, organizations must enhance their defenses and adopt proactive strategies to safeguard sensitive data against these persistent threats.
Also In Security Today
- Yale New Haven Health Data Breach: The healthcare provider disclosed a breach affecting 5.5 million patient records, highlighting critical vulnerabilities in healthcare IT systems. source
- Hertz Customer Data Compromised: Over a million customers had their personal and payment details leaked due to inadequate security measures, prompting a reevaluation of data protection strategies. source
- Critical Vulnerability in SAP NetWeaver: CVE-2025-31324, a critical vulnerability with a CVSS score of 10.0, allows attackers to execute arbitrary code, affecting numerous organizations. source
- Phishing Campaign Targeting NGOs: A new wave of phishing attacks using fake Microsoft Entra login pages has emerged, targeting NGOs and raising alarms about data exfiltration attempts. source