Marks and Spencer suffered a devastating ransomware attack in 2025 that disrupted services and stores, suspending online orders. The attackers, known as DragonForce, compromised the company's servers and demanded a ransom. The incident also affected a London-based Tata Consultancy Services (TCS) employee, who was hacked as part of the attack. The group additionally claimed responsibility for a similar attack on Co-op.
TPRM report: https://scoringcyber.rankiteo.com/company/https://www.linkedin.com/company/marks-and-spencer/
"id": "htt950060625",
"linkid": "https://www.linkedin.com/company/marks-and-spencer/",
"type": "Ransomware",
"date": "6/2025",
"severity": "100",
"impact": "",
"explanation": "Attack which create outage"{'affected_entities': [{'industry': 'Retail',
'location': 'United Kingdom',
'name': 'Marks and Spencer',
'type': 'Retailer'}],
'attack_vector': ['Email', 'Phishing'],
'date_detected': '2025',
'description': 'Marks and Spencer was among the British retailers that '
'suffered devastating cyberattacks earlier in 2025, with '
'services and stores facing disruption, as well as online '
'orders being suspended. The company CEO Stuart Machin was '
'personally sent emails by the attackers goading him and '
'inviting him to begin negotiating the ransom fee.',
'impact': {'operational_impact': 'Services and stores disrupted, online '
'orders suspended',
'systems_affected': ['Servers']},
'initial_access_broker': {'entry_point': 'Email'},
'motivation': 'Financial Gain',
'ransomware': {'data_encryption': 'All Servers'},
'references': [{'source': 'BBC'}],
'threat_actor': 'DragonForce',
'title': 'Marks and Spencer CEO Receives Communication from Ransom Gang',
'type': 'Ransomware'}