Marks & Spencer

Marks & Spencer (M&S) suffered a **major cyber-attack in April**, forcing the company to **halt online orders for nearly seven weeks**. The disruption led to a **20% decline in clothing sales** over a four-week period ending 25 May, causing significant financial losses and competitive setbacks against rivals like Next, Zara, and H&M. The attack disrupted core e-commerce operations, directly impacting revenue streams and customer trust. While the article does not specify data theft, the prolonged outage suggests a **targeted disruption of business-critical systems**, likely involving operational technology or payment processing infrastructure. The incident underscores vulnerabilities in digital supply chains, particularly as cybercriminals leverage increasingly sophisticated methods, including AI-driven attacks. The financial and reputational damage aligns with broader industry warnings about outdated systems (e.g., unpatched software like Windows 7) exacerbating risks in smart, interconnected environments.

Source: https://www.theguardian.com/business/2025/jun/30/uk-businesses-hit-by-cyber-attack-last-year-report

TPRM report: https://www.rankiteo.com/company/marks-and-spencer

"id": "mar844090225",
"linkid": "marks-and-spencer",
"type": "Cyber Attack",
"date": "4/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Retail (Clothing, Food, Home Goods)',
                        'location': 'United Kingdom',
                        'name': 'Marks & Spencer',
                        'size': 'Large (Multinational)',
                        'type': 'Retailer'},
                       {'industry': 'Multiple (Real Estate, Retail, Critical '
                                    'Infrastructure, etc.)',
                        'location': 'United Kingdom',
                        'name': 'Unspecified UK Businesses (27% of surveyed)',
                        'type': ['Commercial Buildings',
                                 'Facilities Management Firms',
                                 'Consultancies']}],
 'attack_vector': ['Exploitation of Outdated Systems (e.g., Windows 7)',
                   'Building Management Systems (BMS)',
                   'IoT Devices',
                   'CCTV Networks',
                   'Access Control Systems',
                   'Automated HVAC/Lighting'],
 'customer_advisories': ['Marks & Spencer likely issued advisories during the '
                         '7-week website outage (details unspecified).'],
 'date_publicly_disclosed': '2024-06-10T00:00:00Z',
 'description': 'A report by the Royal Institution of Chartered Surveyors '
                '(Rics) reveals that 27% of UK businesses experienced a '
                'cyber-attack in the last 12 months, up from 16% the previous '
                'year. The attacks targeted critical infrastructure, building '
                'management systems, and operational technology, with outdated '
                'operating systems (e.g., Windows 7) exacerbating '
                'vulnerabilities. Marks & Spencer suffered a major attack in '
                'April, halting online orders for nearly seven weeks and '
                'causing a 20% drop in clothing sales over four weeks. The '
                'report warns of growing risks due to AI advancements and '
                'outdated technologies in smart buildings.',
 'impact': {'brand_reputation_impact': 'Negative (loss of customer trust, '
                                       'market share decline)',
            'conversion_rate_impact': '20% decline in clothing sales (Marks & '
                                      'Spencer)',
            'downtime': '7 weeks (Marks & Spencer website)',
            'financial_loss': "Significant (e.g., Marks & Spencer's 20% drop "
                              'in clothing sales over 4 weeks)',
            'operational_impact': 'Halted online orders, loss of market share '
                                  'to competitors (Next, Zara, H&M), potential '
                                  'disruption to building operations (e.g., '
                                  'security, energy management)',
            'systems_affected': ['Website Ordering System (Marks & Spencer)',
                                 'Building Management Systems',
                                 'CCTV Networks',
                                 'IoT Devices',
                                 'Access Control Systems',
                                 'HVAC/Lighting Systems']},
 'initial_access_broker': {'high_value_targets': ['Building Management Systems',
                                                  'E-commerce Platforms (e.g., '
                                                  'Marks & Spencer website)']},
 'investigation_status': 'Ongoing (per Rics report warnings)',
 'lessons_learned': ['Smart buildings and operational technology (OT) are '
                     'increasingly targeted by cybercriminals.',
                     'Outdated systems (e.g., Windows 7) pose critical '
                     'vulnerabilities in building infrastructure.',
                     'Lack of proactive security measures risks severe '
                     'operational and financial disruption.',
                     'AI advancements and IoT proliferation will exacerbate '
                     'cyber risks in building management.'],
 'motivation': ['Financial Gain',
                'Disruption of Business Operations',
                'Exploitation of Smart Building Vulnerabilities'],
 'post_incident_analysis': {'corrective_actions': ['Mandate regular audits of '
                                                   'OT/IT systems in '
                                                   'commercial buildings.',
                                                   'Invest in modernizing '
                                                   'legacy systems in smart '
                                                   'buildings.',
                                                   'Integrate cybersecurity '
                                                   'into facilities management '
                                                   'training.',
                                                   'Collaborate with '
                                                   'cybersecurity firms to '
                                                   'assess building-specific '
                                                   'risks.'],
                            'root_causes': ['Use of outdated, unsupported '
                                            'software (e.g., Windows 7) in '
                                            'building systems.',
                                            'Inadequate security for '
                                            'operational technology (OT) and '
                                            'IoT devices.',
                                            'Lack of preparedness for '
                                            'cyber-physical attacks on smart '
                                            'infrastructure.',
                                            'Underestimation of risks '
                                            'associated with interconnected '
                                            'building technologies.']},
 'recommendations': ['Replace end-of-life operating systems (e.g., Windows 7) '
                     'with supported, patched versions.',
                     'Implement network segmentation for OT and IT systems in '
                     'smart buildings.',
                     'Enhance monitoring of building management systems, CCTV, '
                     'and IoT devices.',
                     'Develop incident response plans tailored to operational '
                     'technology disruptions.',
                     'Conduct regular vulnerability assessments for '
                     'interconnected building systems.',
                     'Raise awareness among facilities managers about cyber '
                     'risks in digital environments.'],
 'references': [{'date_accessed': '2024-06-10',
                 'source': 'The Guardian',
                 'url': 'https://www.theguardian.com/business/2024/jun/10/uk-businesses-cyber-attack-risk-smart-buildings-rics'},
                {'source': 'Royal Institution of Chartered Surveyors (Rics) '
                           'Report'}],
 'response': {'communication_strategy': ['Public disclosure via Rics report',
                                         'Media coverage (The Guardian)'],
              'remediation_measures': ['Urgent calls for security '
                                       'countermeasures in smart buildings',
                                       'Replacement of outdated systems (e.g., '
                                       'Windows 7)']},
 'stakeholder_advisories': ['Rics urges businesses to address digital risks in '
                            "building operations to avoid 'sleepwalking' into "
                            'attacks.'],
 'title': 'Cyber-Attack Disrupts UK Businesses, Including Marks & Spencer '
          'Website Outage',
 'type': ['Cyber-Attack',
          'Operational Technology Compromise',
          'Website Disruption',
          'Data Breach (Potential)'],
 'vulnerability_exploited': ['Unpatched Software (e.g., Windows 7 EOL)',
                             'Weak Security in Operational Technology (OT)',
                             'Lack of Network Segmentation',
                             'Insufficient Monitoring']}