Easter Weekend cyberattack disrupts M&S online operations
Marks & Spencer has confirmed that a cyberattack over the Easter weekend caused significant disruption across its digital platforms and in-store processes. The incident forced the British retailer to suspend online orders, impacting sales, logistics, and remote work systems.
M&S stated it was taking “proactive” measures to contain the incident and has engaged leading cybersecurity experts to assist in restoring services.
The company issued a public apology, noting that customers could still browse products online but were unable to place orders through its websites or mobile apps. Stores remained open for in-person shopping during the disruption.
According to the company, there is currently no indication that customer data was accessed or compromised. “Shoppers do not need to take any action,” the retailer said, implying no immediate threat to consumer accounts.
Stock value drops and sales losses escalate
The outage had a swift financial impact. City AM reports that Marks & Spencer’s stock fell by 10% following the breach. The Guardian estimates that with online clothing and homeware sales generating around £1.26 billion annually, the retailer is losing approximately £3.8 million in daily revenue due to the outage.
Over the course of the following week, the incident wiped more than £500 million off the company’s market value. M&S has not shared a projected timeline for full recovery.
Brand trust under pressure
Analysts are highlighting reputational damage as a growing concern. Dan Coatsworth, an investment analyst at AJ Bell, told the BBC that the brand’s reputation for trust was now “drawn into question.” He warned that continued uncertainty about the breach could further erode customer confidence.
“Shoppers want to know that their personal and financial details are safe when buying goods online,” Coatsworth said. “Marks & Spencer failing to give the all-clear implies that something is very wrong at its end.”
No confirmation yet on Scattered Spider link
Although initial reports on related disruptions at M&S tied the incident to a ransomware attack attributed to the Scattered Spider group, the company has not confirmed any attribution in its official statement. Investigations into the nature of the attack are ongoing.
Retail sector increasingly targeted
Experts say the incident highlights broader cybersecurity concerns across the retail sector. Matt Hull, NCC Group’s Global Head of Threat Intelligence, noted that ransomware attacks in February 2025 alone rose by 50% from the previous month, with 886 confirmed cases.
“Cybercriminals are increasingly targeting data-rich sectors like retail,” Hull said. “There is an urgent need for organisations to strengthen their cybersecurity postures.”
According to the UK government’s 2024 cybersecurity breaches survey, half of UK businesses experienced a cyber incident in the past year. The most frequent threats include phishing, malware, and social engineering, with phishing being especially prevalent in retail environments.
Common security measures in use include updated malware protection, password policies, restricted admin access, cloud backups, and network firewalls. These are considered basic “cyber hygiene” protocols by the government.
As investigations continue at Marks & Spencer, the case underscores the operational, financial, and reputational risks faced by enterprises amid rising cyber threats.
