Marks & Spencer has been hit by a significant cyber-attack, with experts linking the breach to the hacking group known as Scattered Spider.
The same group has previously targeted major US corporations, including MGM Resorts and Caesars Entertainment.
The incident has caused prolonged disruption to M&S’s online services, with digital sales halted for five consecutive days.
On average, the company generates £3.8 million per day through online sales. As a result of the ongoing outage and investor uncertainty, M&S has seen more than £500 million wiped off its stock market value within a week.
Technology sources have reported that ransomware was used in the attack to encrypt critical systems at M&S.
The hackers are believed to have accessed sensitive data as early as February, using this information to compromise systems last week. The ransomware is said to originate from a group known as DragonForce.
The origin of the attack is believed to be a third-party supplier, though it remains unclear whether M&S itself was directly targeted. The company has not released specific details about the incident, maintaining a cautious stance during ongoing investigations.
Cybersecurity analysts believe the disruption strongly suggests a ransomware-based assault. These attacks involve encrypting internal systems and demanding payment in exchange for restoration.
Scattered Spider, also referred to as Octo Tempest, is an unusual collective in the cybercrime world, composed largely of English-speaking individuals from the UK and the US. Unlike many cyber gangs based in Eastern Europe, this group is known for its aggressive tactics and high-profile targets.
Security researchers believe the hackers may have used phishing emails or social engineering techniques, such as impersonating employees during phone support calls, to gain access to internal networks.
The attack has impacted some store functions as well. While physical shops remain open and accept both cash and card payments, customers are currently unable to use gift cards. Item returns are restricted to tills in clothing and homeware branches or via postal returns, with food stores unable to process returns at this time.
Experts warn that the attack on M&S could signal broader threats to other UK retailers. With ransomware groups increasingly targeting high-profile businesses to maximise pressure and payouts, the retail industry is on high alert.
Cybersecurity firms urge businesses to strengthen their digital defences, review supplier access, and implement robust phishing protections to mitigate future risks.