Marks & Spencer (M&S) has disclosed that a recent cyberattack could result in a £300 million ($402 million) profit hit, driven by operational shutdowns, prolonged sales disruption, and ongoing recovery costs.
In a regulatory filing submitted to the London Stock Exchange, M&S confirmed that its online retail systems remain offline. The retailer expects the disruption to extend through at least July.
The attack has been linked to Scattered Spider, a well-known cybercriminal collective targeting high-profile companies. M&S later confirmed that customer data was stolen and servers were encrypted during the incident.
“Losses are related to systems downtime, significant sales disruption, and extensive recovery efforts.”
— Marks & Spencer filing
Attack Tied to DragonForce and Wider UK Retail Campaign
Threat intelligence has connected this breach to DragonForce, a ransomware group that has also claimed responsibility for attacks on Co-op and Harrods.
- Co-op confirmed that data belonging to current and former members was accessed during their breach.
- Harrods reported restricted internet access across its network in response to an infiltration attempt.
All three incidents are believed to be part of a coordinated campaign that began targeting UK retailers in April.
UK and US Authorities Sound Alarm
The UK National Cyber Security Centre (NCSC) issued fresh cybersecurity guidance in response to this campaign. It warned that the Scattered Spider attacks should serve as a “wake-up call” to organizations in retail and other sectors.
“Any UK organization could be the next target.”
— NCSC statement
Meanwhile, Google has issued its own warning, confirming that Scattered Spider actors have recently expanded their operations to U.S. retailers, extending the threat to both regions.