Marks & Spencer has made headlines over the last few weeks after a serious ransomware attack made it the latest in a long list of victims. The incident, first detected over the Easter weekend, has left the supermarket paralysed, with widespread disruption in stores and a complete collapse of its website, raising urgent questions about how prepared businesses are to handle modern cyber threats.
A Major Disruption for M&S
Since the 25th of April (2025), M&S has struggled to return to normal after a cyber-attack targeted its contactless payments and Click & Collect services. Soon after, the store was forced to pause all online orders indefinitely. More than two weeks on, its website continued to display a banner notifying customers that orders were paused, and the company declined to provide a clear timeline for when services would resume.
Food supply issues have also been reported, with certain stores lacking key items for promotions like meal deals. Even the company’s careers site went offline, forcing them to pull all job vacancies while it worked to recover.
BBC News has reported extensively on the disruption.
A Ransomware Attack With Wider Implications
It’s since emerged that this was indeed a deliberate ransomware attack from an organised group. A hacking group known as Scattered Spider (also referred to as UNC3944) is suspected of carrying out the attack, alongside similar attempted hacks on Co-Op and Harrods that were carried out around the same time. It’s believed that the English-speaking hacking collective, mostly comprised of teenagers and young adults from the UK and USA, was working with a “cybercrime-as-a-service” business from the former Soviet Republic, known as DragonForce. This group offers a franchise-like service whereby anyone can use their software in return for 20% of the ransom payments received from cyberattacks.
The National Cyber Security Centre has warned of increasing attacks on British retailers, with criminals often posing as IT help desk staff to gain access.
A Price Tag in the Millions
The cost of this attack is already substantial. With M&S’s share value down and over £500 million wiped from its market cap, the financial impact is clear. Online sales account for around a third of its clothing and home business, worth an estimated £3.8 million per day. Every day its site remains down, customers turn to rival retailers.
For a company so reliant on customer trust and seamless service, this breach is more than just a technical failure; it's a reputational crisis. Catherine Shuttleworth from Savvy Marketing notes that the current retail culture is based on “buy it now” expectations. In other words, people won’t wait.
Suppliers Feel the Knock-On Effects
It’s not just M&S feeling the strain. Suppliers like Greencore, which provides sandwiches and wraps to the store, had to revert to pen-and-paper processes, increasing deliveries by 20% to meet demand. Thea Green, CEO of Nails Inc, admitted the disruption came at a crucial time, just as her company was planning a major product launch.
M&S also shares its online food delivery arm with Ocado, meaning delays and issues have extended beyond its own ecosystem. With multiple parties affected, the long tail of such attacks becomes more visible.
Silence Isn’t Always Golden
Since the breach, communication from M&S has been limited. Aside from a few short updates, there’s been little public comment about the nature of the attack or expected recovery times. While this may be common in such cases, it risks eroding customer confidence. Business adviser Kate Hardcastle says that in today’s connected world, “silence can be unsettling.”
Strong, transparent communication is key to recovering customer trust, especially when data and service integrity are at stake.
What Can Businesses Learn?
This incident reinforces a crucial message: no business is immune to cyber threats. Whether you’re a multinational retailer or a regional service provider, being unprepared can cost you dearly. It’s not just about having antivirus software or backups; it’s about resilience, response planning and expert support.
At Edmondson’s IT Services, we help businesses build robust IT infrastructure, with proactive monitoring, ransomware protection, encrypted cloud backups and rapid recovery strategies. Our Free IT Health Check identifies vulnerabilities before hackers do, offering peace of mind in a climate of growing cyber threats.
Protect Your Business Before It's Too Late
If a brand as large and resource-rich as M&S can be hit this hard, it’s a wake-up call for all businesses. Don't wait until your systems are compromised. Let’s work together to make sure you’re protected.