M&S Cyberattack by Scattered Spider: What Really Happened?

🛡️ M&S Cyberattack: Inside the Scattered Spider Breach at Marks & Spencer

Marks & Spencer (M&S), one of the UK's most trusted retailers, recently fell victim to a devastating cyberattack allegedly orchestrated by the hacking group Scattered Spider. This advanced threat campaign caused massive disruptions across M&S's digital and physical infrastructure — affecting customer orders, supply chains, and employee operations.

💥 The incident first came to light in April 2025, but reports suggest the hackers may have gained access to M&S systems as early as February 2025, stealthily exfiltrating sensitive data and preparing for a ransomware detonation.

🔍 A Closer Look at the Attack

Scattered Spider reportedly breached internal systems, exploiting social engineering tactics like phishing and SIM-swapping to impersonate employees and escalate privileges within M&S's networks.

🔐 By April 24, ransomware was launched, locking critical data and crippling M&S’s core operations — including online orders, logistics, and payment systems.

🕷️ Who is Scattered Spider?

Known in cybersecurity circles as UNC3944 or Muddled Libra, Scattered Spider is a notorious hacking collective mainly made up of young cybercriminals from the US and UK. The group is part of a new wave of threat actors combining social engineering with traditional cyberattacks to breach even well-defended networks.

📌 Their previous high-profile targets include:

• MGM Resorts

• Caesars Entertainment

• Multiple global enterprises across telecom, finance, and retail sectors

This time, Marks & Spencer became their target — and the consequences were severe.

💻 How Did It Affect M&S?

🛒 Online Shutdown

M&S temporarily paused online clothing and home goods orders, impacting thousands of customers and slashing revenues during a peak season.

🏬 In-Store Disruptions

Customers reported:

• Glitches in contactless payments

• Empty shelves in multiple stores

• Slow checkout systems

These disruptions stemmed from compromised supply chain coordination systems.

👷‍♂️ Staff Impact

Roughly 200 warehouse staff were told to stay home as M&S investigated the extent of the breach and worked to restore system functionality.

📉 Market Reaction

Following the news, M&S's market value reportedly plummeted by over £700 million, triggering shareholder concerns and media scrutiny.

🛡️ M&S's Response & Security Measures

In response, Marks & Spencer partnered with cybersecurity experts, including:

• 🔐 CrowdStrike

• 🧠 Microsoft's Incident Response Team

• 🕵️ UK's National Cyber Security Centre (NCSC)

Their goals:

• Isolate and remove the ransomware

• Assess and contain the breach

• Implement stronger preventative controls

📢 So far, M&S has not confirmed if a ransom was paid, but recovery efforts are ongoing.