6th May 2025
Marks & Spencer Hit by Major Cyber-Attack Causing Store Disruptions
Marks & Spencer (M&S) has confirmed that a significant cyber-attack has caused widespread operational disruptions, including product shortages and the suspension of online orders. As a precaution, the company took several IT systems offline, affecting both its physical and digital services. This has resulted in an estimated £3.8 million daily loss in online sales (The Guardian, 2025).
Deliveries of packaged food items to Ocado, its online grocery partner, have also been paused (PA Media, 2025). The attack impacted services in-store, including contactless payments and order collections. While card and cash payments have resumed, other services, such as gift card usage and food returns, remain limited. Customers have been advised to wait for official “ready to collect” notifications before visiting stores (M&S Social Media, 2025).
Who Is Behind the Attack?
The hacking group ‘Scattered Spider’ has been linked to the incident. The Metropolitan Police’s cybercrime unit, alongside the National Crime Agency and the National Cyber Security Centre (NCSC), is currently investigating the breach.
According to Graeme Stewart, Head of Public Sector at cybersecurity firm Check Point:
“Scattered Spider is one of the most dangerous and active hacking groups we are monitoring. Since they first appeared in 2022, they have been linked to more than 100 targeted attacks across industries such as telecoms, finance, retail, and gaming” (Sky News, 2025).
This group uses social engineering tactics, such as impersonating IT staff or conducting SIM swapping, to exploit human vulnerabilities rather than technical flaws.
Financial and Reputational Fallout
The uncertainty surrounding the duration of the disruption has had a significant financial impact, with M&S’s stock value falling by £600 million. The timing of the incident is particularly damaging, as it coincides with a period of strong trading: M&S grocery sales had risen by 14.4% in the 12 weeks prior to the breach (Kantar, 2025).
Cybersecurity experts have also warned customers to remain vigilant against potential scams exploiting the incident (PA Media, 2025).
Why Does This Matter to the Social Care Sector?
While M&S operates in retail, the lessons from this cyberattack apply across all sectors, including health and social care.
Cyberattacks can severely disrupt services, compromise sensitive personal data, and erode public trust. For the Liverpool Social Care Partnership (LSCP) and other care providers, protecting data isn’t just a regulatory requirement; it’s a moral duty to those we serve.
“To ensure consistent protection of sensitive data, reduce risks, and maintain trust, we must prioritise cybersecurity across all levels of our organisations.” – Ann Garvey, Data Security Protection Toolkit (DSPT) Lead, LSCP.
How to Strengthen Cybersecurity in Social Care
To safeguard your organisation and service users:
✅ Provide regular cybersecurity training for all staff
✅ Enable multi-factor authentication across systems
✅ Use secure, regularly updated software and platforms
✅ Register for alerts from the NCSC’s Early Warning system
✅ Stay compliant with the Data Security Protection Toolkit (DSPT)
✅ Create and rehearse incident response plans
Whether you’re a large or small organisation, staying informed and prepared is key to avoiding disruption and protecting data.
Sources and Further Reading
1. The Guardian. (2025, April 24). M&S cyber-attack causes stock shortages and online disruption. https://www.theguardian.com
2. PA Media. (2025, April 24). Cybercrime unit investigates M&S IT systems attack. https://www.pressassociation.com
3. Kantar. (2025, April 22). UK Grocery Market Share. https://www.kantar.com
4. M&S Official Social Media Updates (April 23–30, 2025). https://twitter.com/marksandspencer
5. Sky News. (2024, April 24). Who are Scattered Spider? https://news.sky.com/story/scottish-man-linked-to-hacking-group-scattered-spider-among-five-charged-in-us-13257514