Marks & Spencer Faces Prolonged Online Disruption Following Easter Cyber-Attack
Marks & Spencer (M&S) has revealed that its online services will remain disrupted until July after a sophisticated cyber-attack last month. The retailer, which has struggled with online ordering for nearly a month, expects a gradual return to normal operations over the coming weeks.
The attack, which occurred over the Easter weekend, initially disrupted click-and-collect and contactless payment systems. By the following week, M&S had to suspend online ordering entirely, displaying an apology banner on its website. CEO Stuart Machin described the incident as a "highly sophisticated and targeted" breach, with financial analysts estimating a £300 million hit to annual profits equivalent to a third of the company’s earnings. While insurance may cover part of the loss, the impact remains significant.
Authorities are investigating Scattered Spider, a notorious English-speaking hacking group linked to previous attacks on the Co-op and Harrods. M&S appears to have suffered the most severe consequences among the targeted retailers. Despite the setback, Machin assured stakeholders that the company would emerge stronger, framing the incident as a temporary obstacle in its broader restructuring efforts.
Source: https://www.bbc.co.uk/news/articles/c93llkg4n51o
Harrods cybersecurity rating report: https://www.rankiteo.com/company/harrods
Co-op cybersecurity rating report: https://www.rankiteo.com/company/the-co-op-group
Marks and Spencer cybersecurity rating report: https://www.rankiteo.com/company/marks-and-spencer
"id": "HARTHEMAR1781750033",
"linkid": "harrods, the-co-op-group, marks-and-spencer",
"type": "Cyber Attack",
"date": "5/2025",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'industry': 'Retail',
'name': 'Marks & Spencer (M&S)',
'type': 'Retailer'}],
'customer_advisories': 'Apology banner on website',
'date_detected': '2024-04-01',
'date_resolved': '2024-07-01',
'description': 'Marks & Spencer (M&S) has revealed that its online services '
'will remain disrupted until July after a sophisticated '
'cyber-attack last month. The retailer, which has struggled '
'with online ordering for nearly a month, expects a gradual '
'return to normal operations over the coming weeks. The attack '
'initially disrupted click-and-collect and contactless payment '
'systems, leading to a full suspension of online ordering.',
'impact': {'downtime': '3 months',
'financial_loss': '£300 million',
'operational_impact': 'Suspension of online ordering, disruption '
'of click-and-collect and contactless '
'payments',
'systems_affected': ['online ordering',
'click-and-collect',
'contactless payment systems']},
'investigation_status': 'Ongoing',
'references': [{'source': 'News Article'}],
'response': {'communication_strategy': 'Apology banner on website, CEO '
'statements',
'law_enforcement_notified': 'Yes',
'recovery_measures': 'Gradual return to normal operations'},
'stakeholder_advisories': 'CEO assured stakeholders of recovery and broader '
'restructuring efforts',
'threat_actor': 'Scattered Spider',
'title': 'Marks & Spencer Prolonged Online Disruption Following Easter '
'Cyber-Attack',
'type': 'Cyber-Attack'}