The cyberattack on Marks & Spencer (M&S) last month has been traced to a third party. Hackers exploited this third party’s access to the British retailer’s systems to execute the attack, according to BBC News. Although the retailer has refrained from disclosing specific details about the breach, it has significantly impacted its back-end operations, resulting in millions of pounds in lost sales and a major disruption of online services.
“Our stores have remained open and availability is now in a much more normal place with stores well stocked this weekend,” said an M&S spokesperson.
On 22 April 2025, the company first reported that it had been targeted by a cyberattack. Subsequently, it paused online orders and took some food-related systems offline, leading to empty shelves in some stores. In an effort to manage the situation, M&S also temporarily shut down many of its IT operations, locking itself out of core systems to address the breach effectively.
Last week, M&S acknowledged that some customer data was compromised in the attack. This may include names, birth dates, contact details, and order histories. However, the company emphasised that there is no evidence of data being shared externally. Additionally, M&S assured that any stolen card information would be unusable, as full card payment details are not stored on its systems. As a precautionary measure, M&S mandated all account holders to reset their passwords during their next login attempt on the website or app.
The cyberattack was attributed to DragonForce, a criminal group that has claimed responsibility for similar incidents involving the Co-op and an attempted breach at Harrods. The attackers, identified as affiliates of DragonForce, employed Scattered Spider social engineering tactics to infiltrate M&S’s internal network.
M&S to release annual results amid cyberattack fallout
M&S is slated to announce its annual results on Wednesday. The financial impact of the cyberattack is expected to dominate discussions after it releases the results. Analysts from Bank of America estimate that M&S has incurred sales losses over £40m weekly since the attack began over the Easter bank holiday weekend. The primary challenge remains restoring full functionality to its online system, which generates approximately one-third of its clothing and homeware sales.
Meanwhile, the Co-op has also restored its systems, with stock availability and payment methods returning to normal. The organisation, which operates over 2,500 supermarkets and 800 funeral homes across the UK, had to shut down parts of its IT systems after the attack.
Read more: Google warns US retailers of Scattered Spider cyber threats
