The M&S Cyber Attack: A Digital Bombshell

Recent high-profile cyber-attacks on major UK brands are a stark reminder of the growing risks in our increasingly digital business environment. One of the most disruptive in recent months has been the cyber incident at Marks & Spencer (M&S) — a household name brought to a halt by what experts describe as a severe ransomware attack.

In April 2025, Marks & Spencer was forced to pause all online orders, affecting both food deliveries and clothing sales. The company confirmed it was dealing with a “cyber incident” that impacted not just online services, but also in-store functions like contactless payments and the use of gift cards.

Although physical stores remained open, the knock-on effects were significant:

  • Loss of online revenue – M&S generates nearly a quarter of its sales online.
  • Reputational damage – Customers expressed frustration over mixed messaging and ongoing disruptions.
  • Operational chaos – Experts compared the incident to a “digital bomb”, noting how hard it is to restore complex systems compromised by ransomware.

Cybersecurity experts believe a ransomware strain called DragonForce was used, possibly linked to the notorious Scattered Spider gang – a coalition of cybercriminals. While the full extent of data compromise remains unclear, the situation prompted M&S to engage with the National Cyber Security Centre and the National Crime Agency.

A Wider Trend: Businesses Under Siege

The M&S case is part of a broader pattern:

  • Earlier this year, several UK banks — including Barclays and Lloyds — faced critical service outages.
  • The BBC suffered a data breach affecting tens of thousands of employees.
  • TalkTalk’s infamous 2015 hack remains a cautionary tale, resulting in major fines and loss of public trust.

These examples reveal how both digital-native companies and traditional retailers are vulnerable to evolving cyber threats.


What Businesses Must Learn from M&S

Cyber threats are operational threats

Cybersecurity is no longer an IT issue; it’s a core operational and reputational risk.

Preparedness is critical

M&S had to pause operations to assess damage and avoid further spread — a painful but necessary move. A well-rehearsed incident response plan can reduce this downtime.

Communication matters

Customers criticised M&S for inconsistent messaging. Clear, timely, and transparent updates are essential during a cyber crisis.

Cyber hygiene for consumers

As a precaution, experts advise M&S customers to change passwords used across multiple services — a good reminder for everyone to practise strong credential management.


The M&S breach shows that no organisation is too big, too old, or too well-known to fall victim to cybercrime. For all businesses, the message is clear: cybersecurity is not optional — it’s essential.

If you’d like advice on assessing your own business’s resilience, or want to know more about how Shoothill can help protect your digital assets, please do get in touch.

☎ 01743 636300

 
