What started as a strong year for one of Britain’s most iconic retailers quickly turned into a crisis no one saw coming.
Marks & Spencer, known for its trusted name on the High Street, has found itself at the center of a cyberattack so severe that it’s caused financial chaos, sleepless nights for staff, and mounting concern among millions of loyal customers.
Hackers Were Inside for Days Before Anyone Noticed
Insiders have revealed that cyber attackers had access to M&S’s systems for a staggering 52 hours before the breach was even detected.
The group believed to be behind it? A notorious hacking collective known as Scattered Spider—a predominantly British and American group that has a reputation for targeting major corporations.
This time, they allegedly got into the system through a third-party contractor.
By the time the attack was uncovered, the damage was already well underway, plunging the company into a deep crisis.
A Billion-Pound Blow and Around-the-Clock Damage Control
Since the cyberattack, Marks & Spencer has lost an estimated £1 billion in market value on the stock exchange.
Staff members are reportedly working up to 24 hours a day, doing everything in their power to contain the fallout.
One source told The Times that a single “human error” was to blame for what they described as a “colossal mistake.”
The breach spanned a five-day attack phase, during which internal crisis teams scrambled to protect customer data and business operations.
What Kind of Customer Information Was Stolen?
The hackers reportedly accessed “masked” payment details—typically the last four digits of cards used online.
But it didn’t stop there. Other compromised data may include:
- Full names
- Email addresses
- Phone numbers
- Postal addresses
- Dates of birth
- Online shopping history
- Household information
Although it’s unclear exactly how many shoppers were affected, some customers have already noticed a sharp increase in suspicious messages and scam emails claiming to be from M&S.
M&S Urges Caution But Tries to Reassure Customers
In a letter sent out to customers, Operations Director Jayne Wall acknowledged that some personal data had been taken.
However, she stressed that no usable payment card information or account passwords had been stolen.
Her advice? Stay alert. “We will never ask for your password or private account details,” she reminded customers, while urging them not to fall for fake M&S emails, texts, or calls.
Could the Data End Up on the Dark Web?
While so far there’s no sign that the stolen data has surfaced on leak sites, cybersecurity experts are warning that this could change.
Rafe Pilling, director of intelligence at security firm Sophos, said it’s likely that hackers are now “leveraging the data” they obtained.
The attack’s method matched previous patterns used by Scattered Spider, particularly their use of DragonForce software, which helped them breach M&S’s IT defenses.
Poor Timing as Annual Results Loom
The timing couldn’t be worse. M&S is due to release its annual financial results on May 21, and this breach has cast a long shadow over what should’ve been a celebratory moment.
Last year, the retailer posted a remarkable £840 million profit—but 2025 is telling a different story.
Dan Coatsworth, an investment analyst at AJ Bell, didn’t sugarcoat it. “2025 is going down in history as one of the retailer’s worst ever years,” he said.
He also criticized the company’s delayed public response, saying M&S has an obligation to notify customers immediately when their information is compromised.
Calls for Accountability Amid a PR and Tech Meltdown
Even M&S shareholders are struggling to stay optimistic.
Shareholder Danny Wallace told The Times he was “disappointed” in the leadership but admitted someone would ultimately have to shoulder the blame.
Cybersecurity professor Alan Woodward from the University of Surrey said the fact that online sales are still suspended weeks after the attack—since April 25—shows the company may not have been fully prepared.
Experts Say M&S Will Survive—But the Damage Is Done
Retail analyst Richard Hyman called the incident “embarrassing” but believes M&S will survive the reputational and financial blow.
Still, for a brand that has been around since 1884, the expectations for digital resilience were understandably higher.
The Co-op Was Also Targeted—And M&S May Have Helped
Interestingly, the Co-op experienced a similar cyberattack shortly after M&S.
The grocery chain had to apologize after members’ personal data was stolen and continues to deal with tech issues.
Sources suggest the Co-op pulled the plug on its systems soon after receiving advice from M&S.
While their shelves are expected to be restocked soon, the breach left lasting impacts on both operations and public trust.
Law Enforcement Investigates Possible Link Between Attacks
The National Crime Agency has launched a full investigation and is working with other law enforcement bodies to determine whether the M&S and Co-op attacks are connected.
“We are considering the incidents individually, but are mindful they may be linked,” the agency said.