In late April 2025, Marks & Spencer (M&S) was targeted by a ransomware attack linked to the Scattered Spider threat actor. This incident caused significant operational disruption and financial costs, affecting the company's ability to operate normally. The attack disrupted the retailer's supply chain and likely led to the exposure of customer data and payment information, making it a high-severity incident.
Source: https://www.infosecurity-magazine.com/news/retail-ransomware-jump-globally-q2/
TPRM report: https://scoringcyber.rankiteo.com/company/marks-and-spencer
"id": "mar419071725",
"linkid": "marks-and-spencer",
"type": "Ransomware",
"date": "7/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Retail',
'location': 'UK',
'name': 'Marks & Spencer (M&S)',
'type': 'Retail'},
{'industry': 'Retail',
'location': 'UK',
'name': 'The Co-op',
'type': 'Retail'},
{'industry': 'Retail',
'location': 'UK',
'name': 'Harrods',
'type': 'Retail'},
{'industry': 'Retail', 'name': 'Dior', 'type': 'Retail'},
{'industry': 'Retail',
'name': 'Adidas',
'type': 'Retail'},
{'industry': 'Retail',
'name': 'Louis Vuitton',
'type': 'Retail'},
{'industry': 'Retail',
'name': 'Cartier',
'type': 'Retail'},
{'industry': 'Retail',
'name': 'Victoria’s Secret',
'type': 'Retail'}],
'data_breach': {'data_exfiltration': 'Yes'},
'date_publicly_disclosed': '2025-07-16',
'description': 'Publicly disclosed ransomware attacks targeting the retail '
'sector globally have surged by 58% in Q2 2025 compared to Q1, '
'with UK-based firms bearing the brunt of this targeting.',
'motivation': ['Extortion', 'Data Theft'],
'ransomware': {'data_exfiltration': 'Yes'},
'references': [{'date_accessed': '2025-07-16', 'source': 'BlackFog Report'}],
'response': {'law_enforcement_notified': 'Yes'},
'threat_actor': ['Scattered Spider'],
'title': 'Surge in Ransomware Attacks on Retail Sector in Q2 2025',
'type': 'Ransomware'}