Overview
In April 2025, M&S experienced a significant cyberattack that disrupted its operations. The attack, attributed to the hacking group Scattered Spider, led to the suspension of online orders and affected store inventories. The breach is believed to have occurred through a third-party contractor, Tata Consultancy Services (TCS), via social engineering tactics.
Impact
- Financial Loss: M&S estimates a £300 million ($400 million) hit to its operating profit due to the attack.
- Operational Disruption: Online services, including clothing and home goods sales, were halted. The company had to resort to manual processes, affecting product availability in stores.
- Customer Data: Some personal customer information, such as names and addresses, was accessed. However, payment details remained secure.
Response and Recovery
M&S has taken steps to mitigate the impact:
- System Restoration: Efforts are underway to restore online services, with full functionality expected by July 2025.
- Security Measures: The company is accelerating its digital transformation and enhancing cybersecurity protocols.
- Customer Communication: M&S has been transparent with customers, providing updates and support throughout the incident.
Looking Ahead
Despite the challenges, M&S remains committed to strengthening its operations and ensuring customer trust. The incident underscores the importance of robust cybersecurity measures, especially when relying on third-party vendors.
We will update this article as more information is released
