M&S Hit by Sophisticated Cyberattack via Third-Party Supplier, Disrupting Operations and Profits
UK retailer Marks & Spencer (M&S) confirmed a cyberattack that exploited social engineering tactics through a compromised third-party supplier, tricking IT staff into altering passwords and authentication processes. The company declined to name the affected supplier.
The breach forced M&S to suspend its online clothing business for over three weeks, disrupted food store stocking, and led to the theft of customer data. The attack wiped nearly £750 million off M&S’s market capitalization and is expected to reduce operating profits by £300 million this year. The retailer anticipates ongoing disruptions to online operations until July, with additional waste and logistics costs incurred.
M&S CEO Stuart Machin attributed the incident to "human error" rather than IT system vulnerabilities, stating that the company’s cyber defenses were not at fault. He confirmed that no ransom was paid and described the attack as a "highly sophisticated and targeted" event. While the breach overshadowed strong annual results, including a 22% rise in pre-tax profit to £875.5 million and a 6.1% increase in sales to nearly £14 billion, reported pre-tax profits fell 24% to £511.8 million, partly due to a £248.5 million impairment on its Ocado Retail stake.
M&S plans to accelerate its technology overhaul, compressing a two-year modernization timeline into six months. Despite the setback, Machin emphasized that the attack was a "bump in the road" and would not derail the company’s long-term transformation strategy. The retailer expects to offset some financial losses through insurance and cost management.
Source: https://www.ft.com/content/fa80b540-c836-4c45-a77f-38aa1693c656?syn-25a6b1a6=1
Marks and Spencer cybersecurity rating report: https://www.rankiteo.com/company/marks-and-spencer
Ocado Retail cybersecurity rating report: https://www.rankiteo.com/company/ocado-retail
{
"id": "MAROCA1780944395",
"linkid": "marks-and-spencer, ocado-retail",
"type": "Cyber Attack",
"date": "5/2025",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
}
{'affected_entities': [{'industry': 'Retail',
                        'location': 'UK',
                        'name': 'Marks & Spencer (M&S)',
                        'type': 'Retailer'}],
 'attack_vector': 'Social engineering via third-party supplier',
 'data_breach': {'data_exfiltration': 'Yes',
                 'type_of_data_compromised': 'Customer data'},
 'description': 'UK retailer Marks & Spencer (M&S) confirmed a cyberattack that exploited social engineering tactics through a compromised third-party supplier, tricking IT staff into altering passwords and authentication processes. The breach forced M&S to suspend its online clothing business for over three weeks, disrupted food store stocking, and led to the theft of customer data.',
 'impact': {'data_compromised': 'Customer data stolen',
            'downtime': 'Over three weeks (online clothing business)',
            'financial_loss': '£750 million market capitalization loss, £300 million reduction in operating profits',
            'operational_impact': 'Disrupted operations, ongoing disruptions until July, additional waste and logistics costs',
            'systems_affected': 'Online clothing business, food store stocking systems'},
 'initial_access_broker': {'entry_point': 'Third-party supplier'},
 'lessons_learned': 'Human error can be exploited despite strong cyber defenses; need for accelerated technology modernization',
 'post_incident_analysis': {'corrective_actions': 'Accelerated technology overhaul, insurance claims, cost management',
                            'root_causes': 'Human error (social engineering via third-party supplier)'},
 'ransomware': {'ransom_paid': 'No'},
 'recommendations': 'Accelerate technology overhaul, enhance third-party supplier security, improve staff training on social engineering',
 'references': [{'source': 'M&S CEO statement'}],
 'response': {'containment_measures': 'Suspension of online clothing business, technology overhaul acceleration',
              'remediation_measures': 'Compressed two-year modernization timeline into six months'},
 'title': 'M&S Cyberattack via Third-Party Supplier',
 'type': 'Cyberattack',
 'vulnerability_exploited': 'Human error (password/authentication process manipulation)'}