[fencepost]

That was pretty well documented earlier this year (e.g. https://www.bleepingcomputer.com/news/security/uk-shares-sec... about M&S and Co-Op). "the threat actors utilized the same social engineering attack to breach both M&S and Co-op."