19 août 2025
M&S, Caesars Entertainment, MGM Resorts, and Clorox have faced social engineering cyberattacks.
In social engineering cyberattacks, hackers impersonate employees and call their IT helpdesks seeking help in case of lost credentials. Easily accessible personal information of employees or weak authentication practices allow hackers inside the system.
Recently, Marks & Spencer faced such an attack on April 23rd 2025, which led to a ransomware demand from DragonForce. They had used a TCS employee’s email ID. The attack caused M&S a loss of £300 million in operating profit.
Clorox also had its system hacked similarly. A call routed through Cognizant’s IT helpdesk went without proper authentication. Clorox sued Cognizant for $380 million.
In the case of the cyberattack on MGM Resorts, hackers used publicly listed employee information to impersonate staff. However, MGM refused to pay the $100 million ransom.
Corporations are investing in behavioural training, real-time breach detection, and better descriptions of vendor responsibilities, especially in the case of social engineering cyberattacks.
Check out my DEBUT BOOK, The Black Flames, on Amazon Kindle.