Discover how Scattered Spider's cyberattack disrupted Marks & Spencer’s services. Explore its impact, recovery steps, and security insights.


Newsletter

wave

🛡️ M&S Cyberattack: Inside the Scattered Spider Breach at Marks & Spencer

Marks & Spencer (M&S), one of the UK's most trusted retailers, recently fell victim to a devastating cyberattack allegedly orchestrated by the hacking group Scattered Spider. This advanced threat campaign caused massive disruptions across M&S's digital and physical infrastructure — affecting customer orders, supply chains, and employee operations.

💥 The incident first came to light in April 2025, but reports suggest the hackers may have gained access to M&S systems as early as February 2025, stealthily exfiltrating sensitive data and preparing for a ransomware detonation.

🔍 A Closer Look at the Attack

Scattered Spider reportedly breached internal systems, exploiting social engineering tactics like phishing and SIM-swapping to impersonate employees and escalate privileges within M&S's networks.

🔐 By April 24, ransomware was launched, locking critical data and crippling M&S’s core operations — including online orders, logistics, and payment systems.

🕷️ Who is Scattered Spider?

Known in cybersecurity circles as UNC3944 or Muddled Libra, Scattered Spider is a notorious hacking collective mainly made up of young cybercriminals from the US and UK. The group is part of a new wave of threat actors combining social engineering with traditional cyberattacks to breach even well-defended networks.

📌 Their previous high-profile targets include:

  • MGM Resorts

  • Caesars Entertainment

  • Multiple global enterprises across telecom, finance, and retail sectors

This time, Marks & Spencer became their target — and the consequences were severe.

💻 How Did It Affect M&S?

🛒 Online Shutdown

M&S temporarily paused online clothing and home goods orders, impacting thousands of customers and slashing revenues during a peak season.

🏬 In-Store Disruptions

Customers reported:

  • Glitches in contactless payments

  • Empty shelves in multiple stores

  • Slow checkout systems

These disruptions stemmed from compromised supply chain coordination systems.

👷‍♂️ Staff Impact

Roughly 200 warehouse staff were told to stay home as M&S investigated the extent of the breach and worked to restore system functionality.

📉 Market Reaction

Following the news, M&S's market value reportedly plummeted by over £700 million, triggering shareholder concerns and media scrutiny.

🛡️ M&S's Response & Security Measures

In response, Marks & Spencer partnered with cybersecurity experts, including:

  • 🔐 CrowdStrike

  • 🧠 Microsoft's Incident Response Team

  • 🕵️ UK's National Cyber Security Centre (NCSC)

Their goals:

  • Isolate and remove the ransomware

  • Assess and contain the breach

  • Implement stronger preventative controls

📢 So far, M&S has not confirmed if a ransom was paid, but recovery efforts are ongoing.

FAQ

Scattered Spider, a hacking group, infiltrated M&S systems using phishing and social engineering, deploying ransomware and causing operational chaos.

As of now, M&S has not publicly confirmed any customer data breach, but investigations are ongoing to assess the full impact.

Online ordering for clothing and home products was suspended temporarily. The company is gradually restoring services as systems are secured.

Their advanced tactics like SIM-swapping and impersonation, combined with ransomware deployment, make them a serious threat to major corporations.

M&S reportedly suffered a market cap drop of over £700 million, along with losses in online revenue and operational costs.

The full disruption timeline is unclear, but online services were down for several days, and in-store systems faced delays and shortages for over a week.

Yes, the National Cyber Security Centre (NCSC) is working closely with M&S and cybersecurity firms to identify the attackers and secure systems.

Yes, especially those with large digital operations. The attack highlights vulnerabilities in retail IT systems and the importance of constant vigilance.

Search Anything...!