Marks & Spencer Hit by Major Cyberattack
Marks & Spencer (M&S), one of Britain’s most beloved retailers, is reeling after a brutal cyberattack crippled its online and in-store operations. The sophisticated hack is linked to the notorious group Scattered Spider, aka UNC3944 or Octo Tempest.
Chaos Across M&S: Orders Halted, Payments Disrupted
The attack was first spotted around April 21 and has forced M&S to suspend online orders for clothing and homeware. Contactless payments are down in several stores, while product shortages plague multiple UK locations.
The damage hit hard on the stock market, with shares plunging 7%, wiping off a staggering £700 million in market value.
Investigations hint the hackers gained access as early as February 2025. They stole highly sensitive files, including NTDS.dit, the Active Directory database that holds hashed Windows domain passwords, before deploying ransomware from the DragonForce gang to lock down key servers.
Who Are Scattered Spider?
This cybercriminal gang mainly consists of English-speaking teens and young adults from the UK and US. Their weapon of choice? Devious social engineering tricks such as:
- Phishing and SIM swapping
- Multi-factor authentication fatigue attacks
- Impersonating IT administrators
Scattered Spider are behind other big hacks too, like those on MGM Resorts and Caesars Entertainment, causing huge financial and operational havoc.
M&S Fights Back with Cybersecurity Titans
Marks & Spencer has called in top cyber experts from CrowdStrike, Microsoft, and Fenix24 to contain the breach. They’re also collaborating with the National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO).
The company hasn’t confirmed whether a ransom was demanded or paid, but experts say similar attacks often come with demands of up to £10 million.
“We are taking this incident extremely seriously and are working tirelessly with cybersecurity experts and law enforcement to restore full services and safeguard customer data,” said an M&S spokesperson.
Retail Sector Faces Growing Cyber Threats
This cyberattack hits M&S just as they launch a digital transformation strategy to modernise the brand and improve customer experience. Experts warn that retailers remain prime targets due to the vast personal and financial data they handle daily.
The breach is a wake-up call for the entire retail sector to boost digital defences against ever-rising cybercrime threats.