
Avoiding Being Marks & Spencer

June 17, 2025

As Marks & Spencer resume some online orders, we review what happened, how it happened and how you can prevent it happening to you. 

In late April 2025, Marks & Spencer (M&S), a household name in the UK, found itself in the middle of a serious cyberattack. A sophisticated strain of ransomware—known as DragonForce—was unleashed by the notorious Scattered Spider gang, bringing M&S’s online clothing, homeware, and beauty shopping to a standstill. Payment systems like click-and-collect and contactless also went offline, and millions of customers had their personal details accessed. The attackers got in through a vulnerable third-party IT help desk, wiping out an estimated £300–400 million in profits and slashing the company’s market value by over £1 billion. Rebuilding its digital infrastructure will likely stretch into July.

How the hackers got in 

The breach started when hackers targeted a vendor—specifically a Tata Consultancy Services (TCS) help-desk employee—via social engineering. By posing as legitimate M&S staff, they tricked the contractor into handing over credentials, which then opened the door to M&S’s internal systems.  

What they did

Detected around the Easter weekend, the attack was both bold and damaging: 

What was the impact

What does this mean for your business

This incident shows ransomware doesn't just break through firewalls—it breaks through people. Here’s the layered defence every organisation should embrace: 

This high-profile breach serves as a wake-up call: no organisation is immune. It's not just about investing in technology, but about building resilience in people and processes. Prevention doesn't require perfection, but vigilance - and readiness to respond when someone tries to trick you.
