M&S Faces Cyber Attack Disrupting Stores and Services

Abhimanyu Singh
Abhimanyu Singh

Engineering Manager

 
April 30, 2025 3 min read

M&S Cyber Attack Overview

BBC A white sign on the door of a Marks and Spencer branch in London reads "our digital click & collect service is temporarily unavailable" in large capital letters. Underneath it says: "We're experiencing technical issues with digital collection and returns. Please speak to a colleague if you need assistance."
Image courtesy of BBC

Marks and Spencer (M&S) is currently dealing with a significant cyber attack that has severely impacted its operations. The attack has led to the suspension of online ordering systems and has resulted in empty shelves across various stores. Initial reports indicate that a ransomware group known as DragonForce may be behind the attack, which has raised concerns about the potential extortion of the retailer.

Security experts highlight that the complexity of M&S's systems makes the recovery process lengthy and challenging. Professor Alan Woodward, a cybersecurity expert, emphasized that the disruption involves intricate systems critical for inventory management and payment processing. Lisa Forte from Red Goat noted the unrealistic expectation for rapid recovery in such incidents.

Ransomware and Recovery Challenges

A close-up photo of the Marks and Spencer website shows a black banner with white font informing visitors: "We have paused online orders".
Image courtesy of BBC

The nature of the attack appears to be ransomware, which locks users out of their systems and encrypts their data, requiring a ransom for restoration. Experts suggest that M&S is likely facing a ransom demand, potentially amounting to millions. Dan Card from BCS described the recovery from such attacks as akin to a "digital bomb" going off, complicating the operational recovery process.

M&S has not publicly confirmed any ransom demands, and the attackers have not revealed themselves. The DragonForce group is known for allowing other hackers to utilize their software, leading to speculation about potential connections to the hacking group Scattered Spider, which has been linked to similar attacks.

Store Operations and Customer Impact

BBC Empty food shelves in M&S store in Marble Arch, central London
Image courtesy of BBC

M&S has reported that some stores are experiencing noticeable shortages due to the cyber incident. The company paused online orders and faced disruptions in contactless payments and Click & Collect services. As a result, shelves have been left empty, prompting customer complaints regarding product availability.

The company is actively working on restoring services and has engaged external cybersecurity experts, including Microsoft and CrowdStrike, to assist in managing the crisis. Although M&S is making efforts to improve availability, the ongoing disruptions during a busy retail period are affecting sales and customer trust.

Cybersecurity Incident Management

Sign on M&S shelf saying Please bear with us while we fix some technical issues affecting product availability.
Image courtesy of BBC

In response to the incident, M&S has reported the attack to the relevant data protection authorities and the UK's National Cyber Security Centre (NCSC). The company's leadership has acknowledged the inconvenience caused to customers and reassured them that no immediate action is required on their part.

Experts in the cybersecurity field emphasize the importance of transparency and effective communication during such incidents. GrackerAI can assist organizations like M&S by automating insights from security news to enhance their communications and marketing strategies. By leveraging tools like GrackerAI, businesses can transform cybersecurity developments into actionable content, ensuring timely and relevant customer engagement.

Conclusion

M&S's cyber attack highlights the critical need for robust cybersecurity measures. As companies face increasing threats, leveraging advanced cybersecurity marketing tools like GrackerAI can provide essential insights and strategic content opportunities. Explore how GrackerAI can support your organization in navigating cybersecurity challenges and enhancing your marketing efforts at GrackerAI.

Abhimanyu Singh
Abhimanyu Singh

Engineering Manager

 

Engineering Manager driving innovation in AI-powered SEO automation. Leads the development of systems that automatically build and maintain scalable SEO portals from Google Search Console data. Oversees the design and delivery of automation pipelines that replace traditional $360K/year content teams—aligning engineering execution with business outcomes.

Related Articles

Optimizing SEO for AI Search: Best Practices and Strategies

Bay Area, CA - Salazar Digital has developed a marketing strategy designed to excel in AI-driven search rankings. As artificial intelligence reshapes how search engines evaluate and rank content, traditional SEO methods alone are insufficient. Salazar Digital combines technical expertise, creative content strategies, and user-centric design to enhance visibility and user engagement.

By Hitesh Kumawat July 29, 2025 4 min read
Read full article

Leveraging AI Analytics for Customer Engagement and Business Growth

Customer Profitability Analysis AI Agents are transforming how businesses understand and maximize customer value. These digital teammates utilize advanced machine learning to deliver real-time insights, predict future profitability, and provide granular analysis of customer profitability. By automating complex data processing and offering actionable recommendations, they streamline what was once a labor-intensive process into a dynamic powerhouse of predictive analytics.

By Govind Kumar July 29, 2025 4 min read
Read full article

Launch of New Master’s Programs in Digital Marketing Worldwide

The University of Technology Bahrain (UTB) has launched its Master of Science in Digital Marketing program, highlighted during a ceremony attended by key figures in the education sector. Dr. Hasan Almulla, President of UTB, expressed gratitude to the Higher Education Council and emphasized the program's relevance in the rapidly evolving field of digital marketing. "The field of digital marketing is witnessing unprecedented growth, and our program is designed to keep up with this transformation," he stated.

By Ankit Lohar July 28, 2025 3 min read
Read full article

400,000 WordPress Sites at Risk: Critical Plugin Flaw Exposed

A serious vulnerability, known as CVE-2025-24000, has been identified in the Post SMTP WordPress plugin, which is utilized by over 400,000 websites. This vulnerability allows low-privileged users to take control of administrator accounts due to broken access controls in the plugin’s REST API. The flaw, rated with a CVSS score of 8.8, has been addressed in version 3.3.0 of the plugin.

By Vijay Shekhawat July 28, 2025 3 min read
Read full article