M&S hooligans sent a threatening email to the CEO demanding money and using offensive language.

M&S hackers send abuse and ransom demand directly to CEOImage source, Bloomberg via Getty ImagesJoe TidyCyber correspondent, BBC World ServicePublished on 6 June 2025The chaps over at Marks & Spencer received a rather unpleasant email straight from the hackers, boasting about their shenanigans and demanding some dosh, according to BBC News reports.The email, sent to M&S big cheese Stuart Machin, was scribbled in dodgy English and came from the hacker gang DragonForce using an employee's email account.This message marks the first time M&S has admitted to being hacked by these ruffians, even though they've been a bit mum on the topic so far."We've made our way all the way from China to the UK and have given your company a jolly good seeing to by encrypting all your servers," the hackers jibed."The dragon fancies a chat with you, so pop over to [our darknet website]."The cyber escapade has cost M&S a pretty penny, estimated at a whopping £300m, and still has them unable to take online orders weeks later.The email was shared with the BBC by a cyber-security whiz, and it contained some unsavory language and slurs, humiliating the M&S CEO and seven other top dogs in the company.Not only did the hackers enjoy bragging about installing ransomware to paralyze M&S's IT system, but they also claim to have gotten their mitts on the private info of millions of customers.A conservative three weeks after the attack, customers got wind of the potential data theft, accompanied by the Indian IT firm Tata Consultancy Services (TCS), which has been handling M&S's IT needs for quite some time.The email was fired off from an account belonging to an Indian IT bod working in London, who sports an M&S email and is on TCS's payroll. It seems this chap got himself hacked in the process.TCS is presently looking into whether it may have been the gateway for the cyber skullduggery, but they deny having any involvement in the M&S breach.M&S is keeping mum on the whole debacle, refusing to offer any comments.'Let's have a natter'A cheeky darknet link shared in the ransom email directs to a space for DragonForce victims to begin haggling over the ransom fee. This further cements the authenticity of the message.Included in the invite, the hackers wrote: "Let's get this party started. Drop us a line, we'll make this quick and easy for us."The miscreants also seem to have gotten the low-down on the company's cyber-insurance policy, hinting that they can benefit each other handsomely : ))".As for payment of a ransom, the M&S CEO is keeping schtum about that one.DragonForce wrapped up the exchange with an image of a dragon spewing fire.This marks the first time we see the connection between M&S's cyber incident and the nearly simultaneous one at Co-op, which DragonForce also claims responsibility for.The two hacks hit the retailers like a ton of bricks, with shelves at Co-op left bare for weeks and M&S operations expected to remain in disarray until July.No solid info yet on who exactly is behind DragonForce, as they keep themselves well and truly hidden. This group offers up plenty of cyber naughtiness on their darknet site in return for a 20% share of any ransoms collected.Any rascal can join up and use their nasty software to scramble a victim's data or send a threat via their darknet hangout.None of this has popped up on the thick end's darknet info site about Co-op or M&S yet, but the hackers promised the BBC some titbits "very soon" due to IT issues on their end.Some reckon DragonForce are based in Malaysia, while others point to Russia. Their email to M&S hints that China may be their turf.The theory goes that a bunch of young western hackers known as Scattered Spider may be the wheelers behind the hacks on Co-op, M&S, and even Harrods.Scattered Spider isn't a straightforward gang but more of a network spanning across Discord, Telegram, and forums – as dubbed "scattered" by cyber security lot at CrowdStrike. A few of these spider folk are teenagers from the US and UK.The UK's National Crime Agency is hot on their tail, focusing on them in the investigation.The chaps at Co-op were asked if they were part of the Spiders, but they didn't fancy spilling the beans. All they chirped was: "We won't answer that question."Two of them wanted to go by the names "Raymond Reddington" and "Dembe Zuma" after characters from The Blacklist TV show, where a dodgy chap lends a hand to the coppers to nab other unsavory people listed on it.Subsequent cyber-attacks on UK retailers didn't pack as much punch as those on Co-op, M&S, and Harrods. But there were a few letters from the M&S hackers in my inbox that started a hullabaloo.Published M&S hacker surfaces in email exchange, find out more about the fiascoPublished5 MayWondering when you can refill your online shopping cart at M&S?Published7 MayGet in on our Tech Decoded newsletter for all the latest tech news and trends worldwide. Not in the UK? Sign up here.Related topicsCyber naughtinessCo-opMarks & Sparks copyright, Bloomberg via Getty Images Joe Tidy Cyber correspondent, BBC World Service 1, gloves, retail, harrods, underground