British retailer Marks & Spencer (M&S) is grappling with the aftermath of a significant cyberattack that has crippled its online clothing and home sales for nearly a month. The company halted online orders on April 25, three days after disclosing the incident, and later confirmed that some customer information had been stolen. While M&S has not publicly detailed the nature of the attack, cybersecurity analysts and retail executives believe it was a ransomware operation, reportedly carried out by the hacking group Scattered Spider in connection with DragonForce. The company is said to have refused to pay a ransom and is instead rebuilding its systems from scratch.
Despite the disruption, M&S has seen a surprising uptick in in-store shopping, according to sources familiar with its recovery efforts. However, insiders caution that customer patience could wane as uncertainty continues around when full online services will resume. The company is bringing systems back online gradually, prioritising safety over speed. Some food and non-food items have been temporarily unavailable in stores, although M&S said its food stock forecasting system has now been restored and availability is improving daily.
The attack has also raised broader concerns across the UK retail sector, with industry leaders scrambling to reassess their cybersecurity frameworks. Tata Consulting Services (TCS), which manages M&S’s IT help desk, has been linked to the breach through the compromised logins of at least two of its employees, though the firm has not commented. M&S, which operates 565 stores and employs about 64,000 people, risks lasting reputational damage if it cannot quickly stabilise operations. Analysts warn that a prolonged outage could erode consumer trust and impact partnerships with third-party brands that rely on its platform.
Financial implications are mounting. Deutsche Bank estimates a weekly profit loss of about £15 million, with Investec projecting lost online sales worth up to £85 million if the situation continues until the company’s results announcement on May 21. Though M&S likely has cyber insurance, coverage is time-bound and might not offset increased labour costs, food wastage, or the need for heavy discounts to clear unsold inventory. As uncertainty looms, both staff morale and investor confidence remain at risk, and other UK retailers are bracing for similar threats.