The Ultimate Guide To Cybersecurity In The Real World. - Register Here
The Ultimate Guide To Cybersecurity In The Real World. - Register Here
Schedule a Consultation
Hoplon InfoSec Logo
  • Products
  • Services

Hoplon Infosec · Threat Intelligence

M&S Meltdown: Cyberattack Disrupts Stores, Sales and Trust

ByHoplon Infosec
Published01 May, 2025
M&S Meltdown: Cyberattack Disrupts Stores, Sales and Trust
Hoplon Infosec01 May, 2025

British retail giant Marks & Spencer (M&S) faces one of its biggest crises. A devastating cyberattack has sent shockwaves through its operations, leaving customers frustrated, shelves empty, and the company’s profits plummeting. From frozen food counters to a paralyzed online store, the damage from the digital breach is wide-reaching. The incident, which began over the Easter weekend, has left the high street staple scrambling to restore its services, but the fallout is far from over. The story of M&S’s cyberattack reveals how vulnerable even the most established brands are in today’s digital age—and how significant the consequences can be when systems are breached.

A Timeline of Chaos

Marks & Spencer’s troubles began around Easter when customers reported contactless payment and the Click & Collect service issues. These early signs of a cyberattack didn’t seem as catastrophic at first, but as the days passed, the scope of the attack became clearer.

On April 25, Marks & Spencer decided to stop accepting online orders through its website, app, and phone channels, signaling a deeper issue than initially apparent. The company touted this decision as a “proactive” move to control the situation, but it hinted at the absolute chaos unfolding behind the scenes.

By April 30, the signs of the attack were unmistakable. Empty shelves and shuttered food counters became common across many of its stores. Hot food counters, once bustling with customers, were temporarily shut down.

Notices in-store read, “Due to technical issues, we cannot offer these products now. We’re working hard to resolve the problem and will have these items back in stock as quickly as possible.”

The company’s decision to take some systems offline as part of its response to the cyberattack also led to widespread store disruption. Staff had to manually monitor chillers, with the fear that automatic defrost alarms were no longer functioning. Even Marks & Spencer’s charitable donations, which had long been a part of its community engagement efforts, were put on hold as logistical systems failed.

While the issues in stores became increasingly visible, the damage to the online platform was equally devastating. The disruption to online sales came at an incredibly inopportune moment, especially with warmer spring weather encouraging customers to purchase new clothing and home goods.

Hackers in Hoodies: Who’s Responsible?

While M&S has remained tight-lipped about the specifics of the breach, cybersecurity experts have quickly pieced together the nature of the attack. Clearly, the attack was ransomware—hackers infiltrate a company’s systems, encrypt vital data, and demand payment to restore access. But who were the culprits behind this sophisticated operation? According to reports, the group behind the attack is Scattered Spider, a notorious hacking group believed to be composed of young cybercriminals, some reportedly as young as 16.

The hackers accessed Marks & Spencer’s systems as early as February. However, the real damage occurred on April 24, when they allegedly deployed a tool known as DragonForce, a program that is often used in ransomware attacks. Once DragonForce was in play, the hackers encrypted large volumes of data and effectively held M&S’s digital systems hostage. Although there’s no confirmed leak of sensitive information, the possibility of personal data exposure on the dark web remains a primary concern. The breach has caused significant damage to M&S’s digital infrastructure, and it’s clear that this attack is far from the work of amateur hackers.

To address the attack and mitigate further damage, M&S is now working closely with the National Cyber Security Centre (NCSC) and private cybersecurity experts. However, experts agree that this type of breach is a growing concern for businesses, especially those that rely heavily on digital infrastructure.

Millions Down the Drain

The financial toll of the cyberattack on M&S has been catastrophic. Since the attack began, the retailer’s stock has dropped by 6.5%, wiping out more than £500 million in market value. But the damage extends far beyond stock prices. Reports suggest that Marks & Spencer is losing around £3.8 million per day in lost online sales—exceptionally hard-hitting for a company that relies heavily on its online platform. M&S’s latest financial statements show that about a third of the company’s clothing and homeware sales are made through its online channels, worth roughly £1.2 billion annually.

The timing couldn’t have been worse for Marks & Spencer, as the company is now missing out on a crucial sales period: the spring fashion season. Many customers who would have turned to M&S for new clothing are likely opting for its competitors, who can deliver products without delay. Marketing expert Catherine Shuttleworth noted, “Given the ‘buy it now’ culture, other retailers will benefit from this opportunity.”

For a retailer like M&S, losing out on spring sales during an already challenging retail environment could have long-lasting repercussions. The company’s reputation, once solid, now faces a “bruise,” according to analysts. Still, Marks & Spencer’s loyal customer base may offer some leniency due to the company’s long-standing presence in the market.

Logistics in Limbo

The cyberattack’s effects are not limited to the stores and online platforms. M&S’s logistical operations have also been heavily disrupted. Temporary staff at the company’s Castle Donington logistics hub, located in the East Midlands, were told to stay at home as the cyberattack crippled systems at the key site. M&S had hoped to keep its logistics running smoothly despite the cyberattack, but delays and confusion have rendered this impossible.

The attack has also impacted M&S’s grocery business. The company supplies products to online grocery partner Ocado, which delivers M&S groceries to customers. M&S has confirmed that a small portion of products being provided to Ocado have been affected, but the retailer hasn’t disclosed which specific products are impacted. Even the company’s hiring efforts have been put on hold due to the disruption. M&S removed all job postings from its website, citing ongoing technical issues.

Customers Left in the Dark

Despite the growing impact of the cyberattack, M&S has been eerily quiet in terms of public communication. The company has issued only two public statements since April 25, leaving customers and analysts in the dark about the full scale of the attack and what steps M&S is taking to fix the problem. This lack of transparency is concerning, especially given the magnitude of the breach.

Consumer expert Kate Hardcastle explained, “In today’s hyper-connected world, silence can be unsettling, particularly when trust and transparency are the most valuable commodities a brand can offer.” Financial analyst Susannah Streeter added, “Good communication and transparency will restore confidence in the company and its systems. The longer M&S remains silent, the more likely the reputation will suffer further damage.

Supplier Worries

While M&S has largely informed suppliers about the attack, the situation has also left them on edge. The Green, CEO of the beauty brand Nails Inc., expressed concern about the disruption to M&S’s operations but said it would only have a “single-digit” percentage impact on her business. However, with new product launches on the horizon, even minor delays can have significant consequences.

M&S’s stores, especially those in the food sector, are equally concerned about the cyberattack’s long-term effects. The retailer’s supply chain and logistics networks have been left in disarray, raising questions about how M&S will manage its operations in the future.

Online Shopping: Hit Pause

Customers can now browse products online without placing orders or tracking previous ones. A message on the M&S website reads: “As part of our proactive management of a cyber incident, we have decided to pause taking orders via our M&S.com websites, apps, and over the phone.” This message reflects the company’s intent to contain the damage, but it also signals how severely the breach has impacted M&S’s platform.

Despite these challenges, M&S has assured customers that they need not take any action and that the team is working “extremely hard” to “restore online shopping as quickly as possible. However, as the days drag on, customers’ frustration grows.

Can M&S Bounce Back?

While the damage is already significant, the question remains: can M&S recover from this cyberattack? Whether or not the company can regain consumer trust and stabilize its operations depends on how quickly it can resolve the current issues and how transparently it communicates with customers in the coming weeks. With cybersecurity teams on board and crisis management underway, all eyes are on the brand’s first move.

Lessons from the Fallout

This cyberattack is a stark reminder of the growing threats businesses face in the digital age. It’s a wake-up call not only for M&S but for retailers everywhere. Cyberattacks are no longer rare incidents but are becoming an increasingly common reality. Companies must prioritize cybersecurity and take steps to fortify their digital defenses.

The M&S cyberattack will likely be studied for years as a case study on how a major brand can fall victim to young, tech-savvy hackers—and how recovery demands technical expertise and human transparency.

About the author

Hoplon Infosec

Hoplon Infosec

Was this useful?

React, leave a note, or share it forward.

Leave a note

Share this article

Share this :

Free · Weekly · No noise

Get the threats that matter, before they reach you.

One short email a week with the breaches, zero-days, and fixes worth your attention — written in plain English, no fear-mongering.

Hoplon InfoSec Logo
Address : 1415 West 22nd Street, Tower Floor, Oak Brook, IL 60523

Phone : +1 (773) 904-3136

Email : info@hoploninfosec.com

Services

  • Penetration Testing
  • Cyber Security Assessment
  • AI Development
  • Incident Readiness & Response Recovery

Products

  • IBM Flash Storage Solutions
  • Mobile Security
  • Endpoint Security
  • Deep and Dark Web Monitoring

Sign Up For Newsletter

Get the latest updates on new products and upcoming news

Copyright © Hoplon InfoSec, LLC and its group of companies.
About usContact usTerms & ConditionsCookie PolicyPrivacy Policy
03Latest posts

Keep reading.

SonicWall SMA1000 Zero-Day Vulnerabilities: Patch Now
15 Jul, 2026

SonicWall SMA1000 Zero-Day Vulnerabilities: Patch Now

SonicWall SMA1000 zero-day vulnerabilities are under active attack. See affected versions, CVE details, IOC checks and the patch you need right now.

Read More
Windows 11 KB5101650 Dell Issue: Causes and Full Fix Guide
15 Jul, 2026

Windows 11 KB5101650 Dell Issue: Causes and Full Fix Guide

Windows 11 KB5101650 is blocked on some Dell PCs after an Intel driver conflict triggered shutdowns and overheating. Here is what happened and what to do.

Read More
OFAC Sanctions First VPN Service Over Ransomware
14 Jul, 2026

OFAC Sanctions First VPN Service Over Ransomware

Learn why OFAC sanctioned First VPN Service and a malware cryptor seller, how 1VPNS helped ransomware groups, and how to defend against FSB router attacks.

Read More
CVE-2026-57807: Critical WordPress SSO Flaw Explained
13 Jul, 2026

CVE-2026-57807: Critical WordPress SSO Flaw Explained

CVE-2026-57807 affects miniOrange OAuth SSO through 38.5.8. Learn who is exposed, how the flaw works, plus safe mitigation and incident response steps.

Read More
Mobile App Security Guide: Risks, Fixes and Best Practices
13 Jul, 2026

Mobile App Security Guide: Risks, Fixes and Best Practices

Mobile app security explained simply, covering real risks, OWASP threats, encryption and practical steps to protect any app from hackers.

Read More
Apple OpenAI Lawsuit: Inside the Trade Secret Theft Claims
13 Jul, 2026

Apple OpenAI Lawsuit: Inside the Trade Secret Theft Claims

Apple OpenAI lawsuit explained. See what Apple accuses Tang Tan, Chang Liu and OpenAI of stealing, and what it means for hardware security.

Read More