Marks & Spencer — the well-known British retailer that so many people rely on — just went through a really serious cyberattack. It wasn’t just a small tech glitch or some quick fix thing. This one hit hard, and it’s got a lot of people talking.
From what we’re hearing, a hacking group called “Scattered Spider” is behind it. These guys are no joke. And the scary part? It looks like they were hiding out in M&S’s systems for maybe two months before anyone even noticed. That’s wild.
When It All Started and What the Hackers Did
This didn’t just pop up overnight. The actual attack became public around the end of April 2025. But now, some reports say the hackers might’ve gotten into the system back in February. That’s a long time to be poking around without being caught.
Here’s what’s being said about how they did it:
- They started with phishing emails — those sneaky ones that look legit but are traps.
- Then they used something called SIM swapping, which basically lets them pretend to be an employee and gain access to systems.
- Once they were in, they slowly moved through the system, getting more control until finally, they launched a ransomware attack on April 24.
And yeah, once the ransomware hit, it messed up everything. Orders got delayed, payment systems were all over the place, and employees were stuck dealing with a big mess.
Who Are These Scattered Spider Hackers?
This group calls themselves “Scattered Spider,” but security experts also know them by names like UNC3944 or Muddled Libra. Most of them are young, and they’re from the US and UK. They’re not just messing around — they actually know what they’re doing.
They’ve pulled off big attacks before too — on companies like MGM Resorts and Caesars Entertainment. This isn’t their first rodeo. They use a mix of tech smarts and social engineering tricks, like pretending to be someone they’re not to gain trust and access.
Sadly, M&S ended up being their next big victim, and it wasn’t pretty.
The Real-World Impact on M&S and People
This wasn’t just a background IT issue — it messed with real people’s lives. Customers, staff, everyone felt it.
Here’s some of what happened:
- Online orders, especially for clothing and home stuff, were paused. That meant delays, refunds, or just not getting what you ordered.
- In-store payments went weird — a lot of people couldn’t use contactless cards.
- Shelves looked empty, not because stock was gone, but because the supply systems weren’t working right.
- Lines at checkout were super slow and frustrating.
- Around 200 workers in a warehouse were told to stay home while they tried to figure it all out — which probably hit their wallets, too.
And it didn’t stop there. M&S’s market value dropped by over £700 million. That’s a massive hit, and investors definitely noticed.
What M&S Is Doing to Fix It
To their credit, M&S didn’t just sit back. As soon as they figured out the scale of the problem, they brought in some major help. They’re now working with big cybersecurity names like:
- CrowdStrike
- Microsoft’s Incident Response Team
- The UK’s National Cyber Security Centre (NCSC)
Their focus right now is pretty simple:
- Get rid of the ransomware completely
- Figure out what was taken or damaged
- Make their systems stronger so this doesn’t happen again
They haven’t said if they paid any ransom (and honestly, they probably won’t tell us either way), but it’s clear they’re doing what they can to clean this up. Still, it’s not a quick fix. These things take time.
Final Thoughts
This whole situation is honestly kind of scary. Like, if a company as big and well-funded as M&S can get hit like this, it really makes you wonder how vulnerable other businesses are too. These hackers are getting smarter and sneakier, and they’re hitting harder.
Hopefully, M&S can bounce back soon. It’s tough on the customers, and it’s even tougher on the staff who rely on their jobs every day. And for other companies out there — maybe this is a good reminder to take a closer look at your own cybersecurity. Because clearly, no one’s too big to get targeted.