Listen to this Post
Retail Giant Reels from Cyberattack That Cripples Online Sales and Exposes Customer Data
British retail powerhouse Marks & Spencer (M\&S) is currently dealing with the financial and operational aftermath of a devastating cyberattack that could slash its annual operating profit by as much as £300 million (\$402 million). The attack, confirmed to have been carried out by the notorious Scattered Spider hacking group, has crippled M\&S’s digital infrastructure, disrupted online operations, and triggered significant costs in logistics, system recovery, and lost sales.
In a public filing with the London Stock Exchange, M\&S disclosed that its food division has been hampered by reduced product availability, while online sales across Fashion, Home & Beauty departments have been completely halted since the attack. With online shopping paused and operations reliant on manual processes, the company is grappling with higher waste, logistics inefficiencies, and supply chain delays.
The cyberattack, which involved ransomware deployed through DragonForce encryptors targeting VMware ESXi hosts, impacted roughly 1,400 retail locations and forced a complete suspension of e-commerce activity. M\&S expects these operational disruptions to last until at least July 2025, with a phased restart planned.
Scattered Spider, the group behind the breach, is linked to a broader campaign targeting UK retailers. Other high-profile victims include Co-op and Harrods, both of which experienced data breaches and operational issues. UK authorities, including the National Cyber Security Centre (NCSC), are urging businesses to fortify their defenses in light of the growing threat.
Adding to concerns, tech giant Google reported that the same threat actors have begun extending their reach to US retailers. As a response, cybersecurity analysts have highlighted the MITRE ATT\&CK framework, which outlines techniques responsible for 93% of attacks globally, stressing the urgent need for proactive defense.
What Undercode Say:
The cyberattack on Marks & Spencer marks a critical turning point for UK retail cybersecurity. It’s not just another breach — it’s a sign of how deeply embedded cybercriminal networks like Scattered Spider have become in targeting global supply chains and operational infrastructures.
The magnitude of the damage — potentially £300 million in losses — reveals how unprepared even major corporations can be when it comes to modern, sophisticated ransomware. The attackers knew precisely where to strike: the virtual machines that powered core retail systems. By encrypting VMware ESXi hosts, the hackers didn’t just take down an app or a payment processor — they shut down entire platforms.
M\&S’s reliance on online retail for a substantial portion of its sales, particularly in Fashion and Beauty, exposed a vulnerability that many legacy retailers face as they digitize. With stores still operational, the fallout has been mitigated slightly, but the pause in e-commerce has forced the company to revert to manual processes. This not only slows efficiency but also inflates operational costs — everything from spoilage in food logistics to delayed stock rotation.
Scattered Spider has proven itself more than capable.
The fact that Harrods and Co-op were also hit shows a clear, targeted campaign against the UK retail industry. Cyberattacks are no longer isolated IT concerns — they are boardroom-level crises. The warning from the UK’s NCSC isn’t mere policy noise; it’s a red alert.
Insurers will play a major role moving forward. While M\&S plans to offset losses through cost-cutting and insurance claims, rising premiums and stricter conditions could mean businesses must take prevention more seriously. Reactive models are no longer sustainable.
This attack also puts pressure on supply chain partners, logistics networks, and customer trust. The stolen data could fuel phishing campaigns or identity theft, extending the impact well beyond M\&S’s servers.
With Google confirming similar attacks targeting US retailers, this is clearly not a regional issue. It’s a global threat landscape where advanced persistent threat (APT) groups are leveraging publicly available ransomware-as-a-service kits, and striking with pinpoint accuracy.
The inclusion of MITRE ATT\&CK techniques in the narrative emphasizes the growing need for threat-informed defense. Organizations must integrate threat intelligence into their security operations and prepare for attacks that hit at the intersection of digital systems and real-world logistics.
Ultimately, the M\&S breach is not just about ransomware. It’s about an evolving cyber war being waged against the backbone of consumer economies. Businesses that fail to learn from this event may find themselves next on the hit list.
Fact Checker Results ✅
🔍 M\&S publicly confirmed the breach via the London Stock Exchange.
🛡️ Attack attributed to Scattered Spider, using DragonForce ransomware.
📉 Estimated £300M financial impact verified by official statements.
Prediction:
Cyberattacks on retail chains are expected to rise sharply in the next 12 months, with sophisticated ransomware groups like Scattered Spider expanding their targets across Europe and the US. Marks & Spencer’s incident will likely serve as a case study for disaster recovery and cybersecurity policy updates across the industry. As insurance firms tighten cybersecurity prerequisites, expect increased investments in endpoint protection, threat detection, and employee training throughout the sector. Retailers that fail to secure both physical and virtual assets will not only risk financial loss but also long-term brand damage.
References:
Reported By: www.bleepingcomputer.com
Extra Source Hub:
https://www.linkedin.com
Wikipedia
Undercode AI
Image Source:
Unsplash
Undercode AI DI v2
