Marks & Spencer (M&S), one of Britain’s most iconic retailers, is battling a major cyberattack that has severely disrupted operations across its online and physical retail platforms. The sophisticated attack is believed to be the work of the notorious hacking group Scattered Spider, also known as UNC3944 and Octo Tempest.
Massive Disruption Across M&S Operations
The attack, which was first detected around April 21, has forced M&S to suspend online orders for clothing and home goods, disrupted contactless payment systems in-store, and caused product shortages across multiple UK locations. The fallout has been swift, with the retailer’s share price plummeting by 7%, resulting in a £700 million loss in market valuation.
Internal investigations suggest the breach may have begun as early as February 2025, with hackers gaining deep access to M&S’s IT infrastructure. Highly sensitive files, including the NTDS.dit — which stores hashed Windows account passwords — were reportedly exfiltrated before ransomware from the DragonForce group was deployed to encrypt key servers.
Response from M&S and Cybersecurity Experts
In response, Marks & Spencer has brought in leading cybersecurity firms — including CrowdStrike, Microsoft, and Fenix24 — to investigate and contain the breach. The company is also working closely with the National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO).
While M&S has not confirmed if a ransom was demanded or paid, experts estimate that similar attacks often involve ransom demands of up to £10 million.
A spokesperson from M&S stated:
[block_2]
“We are taking this incident extremely seriously and are working tirelessly with cybersecurity experts and law enforcement to restore full services and safeguard customer data.”
Wider Implications for the Retail Sector
This breach comes at a critical time for M&S, which has recently launched a digital transformation strategy to modernise its brand and customer experience. The cyberattack underscores the rising threat of cybercrime in the retail sector and the urgent need for enhanced digital defences.
Cybersecurity analysts are warning that retailers remain prime targets due to the vast amounts of personal and financial data they manage daily.
