{"id":12688,"date":"2025-05-29T18:33:00","date_gmt":"2025-05-29T13:03:00","guid":{"rendered":"https:\/\/threatcop.com\/blog\/?p=12688"},"modified":"2025-05-30T19:02:55","modified_gmt":"2025-05-30T13:32:55","slug":"how-did-a-cyberattack-shake-marks-spencer","status":"publish","type":"post","link":"https:\/\/threatcop.com\/blog\/how-did-a-cyberattack-shake-marks-spencer\/","title":{"rendered":"How Did a Cyberattack Shake Marks &amp; Spencer?"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">If you&#8217;ve been following the news, you will have heard about the major cyber disruption experienced by Marks &amp; Spencer (M&amp;S). Over the Easter weekend, this iconic UK retailer&#8217;s online services, including click-and-collect, payment systems, and online ordering, stopped working. The company confirmed it was a cyberattack, and cybersecurity experts believe it was ransomware delivered by a team associated with Scattered Spider, a group known for cyberattacks on retailers.<\/span><\/p><div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 ez-toc-wrap-center counter-hierarchy ez-toc-counter ez-toc-light-blue ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #414141;color:#414141\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #414141;color:#414141\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/threatcop.com\/blog\/how-did-a-cyberattack-shake-marks-spencer\/#What_Really_Happened\" >What Really Happened?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/threatcop.com\/blog\/how-did-a-cyberattack-shake-marks-spencer\/#400_Million_Hit_to_Profits_and_Counting\" >\u00a3400 Million Hit to Profits and Counting<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/threatcop.com\/blog\/how-did-a-cyberattack-shake-marks-spencer\/#Why_Should_Your_Organization_Care_About_This_Hit\" >Why Should Your Organization Care About This Hit?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/threatcop.com\/blog\/how-did-a-cyberattack-shake-marks-spencer\/#What_Can_You_Do_Now\" >What Can You Do Now?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/threatcop.com\/blog\/how-did-a-cyberattack-shake-marks-spencer\/#Wrapping_Up\" >Wrapping Up!<\/a><\/li><\/ul><\/nav><\/div>\n\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">M&amp;S is far from being a start-up or a strange company. This is a retail giant with almost 1,000 stores and billions of sales, with about a third of its clothing and home sales coming from online orders. Therefore, the downstream impact of being hit by a cyberattack is significant in terms of both operational and financial impact.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_Really_Happened\"><\/span><span style=\"color: #000000;\"><b>What Really Happened?<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">The attackers, using <a href=\"https:\/\/threatcop.com\/blog\/examples-of-social-engineering\/\">social engineering techniques<\/a>, fooled individuals into granting them access. Rather than going after M&amp;S directly, they compromised a third-party vendor and then moved laterally into the computer systems of M&amp;S.&nbsp;<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">The group has been identified as Scattered Spider, which is known for being an organized hacking group that carries out ransomware attacks. <a href=\"https:\/\/threatcop.com\/ransomware-awareness-and-simulation\">Ransomware attacks<\/a> involve the hacker locking a company down until a ransom is paid, and while M&amp;S won&#8217;t confirm whether they paid a ransom, we would consider it likely that they did.&nbsp;<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Here are some of the things that have recently taken a hit:&nbsp;<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400; color: #000000;\">The online ordering system for clothes, home goods, and food<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400; color: #000000;\">The click-and-collect system, as well as the contactless payment processes to customers\u00a0<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400; color: #000000;\">The availability of products due to disturbance in systems nationwide<\/span><\/li>\n<\/ul>\n\n\n\n<!DOCTYPE html>\r\n<html lang=\"en\">\r\n\r\n<head>\r\n    <meta charset=\"UTF-8\">\r\n    <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\">\r\n    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\r\n    <title>Document<\/title>\r\n<\/head>\r\n\r\n<style>\r\n    .interestedBtn {\r\n        width: 80% !important;\r\n        box-sizing: border-box !important;\r\n        display: inline-block !important;\r\n        padding: 11px !important;\r\n        border: 1px !important;\r\n        border-color: #ddd !important;\r\n        margin-top: 10px !important;\r\n        background-color: #183e8b !important;\r\n        background-image: none !important;\r\n        text-shadow: none !important;\r\n        color: #fff !important;\r\n        font-size: 14px !important;\r\n        line-height: 20px !important;\r\n        border-radius: 5px !important;\r\n        margin: 0 !important;\r\n        cursor: pointer !important;\r\n        box-shadow: 0px 4.66px 22.99px 0px rgba(0, 0, 0, 0.10);;\r\n    }\r\n\r\n\r\n        .formSec .formSecTwo{\r\n            padding-top: 15px !important;\r\n            margin-bottom: 30px !important;\r\n        }\r\n\r\n\r\n    .tnp-email {\r\n        width: 80% !important;\r\n        box-sizing: border-box;\r\n        padding: 8px 10px;\r\n        display: inline-block;\r\n        border: 1px solid #ced4da;\r\n        background: #fff;\r\n        color: #000 !important;\r\n        font-size: 13px;\r\n        line-height: 20px;\r\n        border-radius: 2px;\r\n        padding-right: 30px;\r\n        margin-bottom: 0px;\r\n    }\r\n\r\n    .formSec {\r\n        border: 1px solid #ced4da;\r\n        float: left !important;\r\n        width: 55% !important;\r\n    }\r\n\r\n    .mainBox {\r\n       \/* border: 1px solid #183e8b;*\/\r\n         background: white;\r\n        max-width: 600px !important;\r\n        margin: 0 auto !important;\r\n        padding: 20px !important;\r\n        font-family: Arial, Helvetica, sans-serif !important;\r\n    }\r\n\r\n    .boxDiv {\r\n        display: flex !important;\r\n    }\r\n\r\n    .boxConsult {\r\n        float: left !important;\r\n        width: 45% !important;\r\n        padding: 10px !important;\r\n    }\r\n\r\n    .formSecTwo {\r\n        text-align:center !important;\r\n        width: 100% !important;\r\n    }\r\n\r\n    .formHeading {\r\n        font-family: Arial, Helvetica, sans-serif;\r\n        margin-top: 0px;\r\n        font-weight: 700;\r\n        line-height: 25px;\r\n        font-size: 18px !important;\r\n        \r\n       margin-bottom: 60px !important;\r\n       color: #000!important;\r\n          margin-top: 5px !important;\r\n    }\r\n\r\n    .fieldHeading {\r\n        margin: 0 !important;\r\n        font-size: 13px !important;\r\n        text-align: left !important;\r\n        margin: 0px 39px 2px 93px !important;\r\n        font-weight: 500 !important;\r\n    }\r\n\r\n    .image {\r\n        max-width:90% !important;\r\n        height: auto !important;\r\n    }\r\n\r\n     .email-icon {\r\n            position: absolute;\r\n            right: 50px;\r\n             top: 20px;\r\n            transform: translateY(-50%);\r\n            pointer-events: none; \r\n        }\r\n\r\n          .email-container{\r\n             position: relative;\r\n         \r\n        }\r\n       \r\n\r\n        .email-icon img{\r\n                 width: 15px;\r\n        }\r\n\r\n\r\n         input::placeholder {\r\n            color:#495057;\r\n        }\r\n\r\n\r\n     ::placeholder {\r\n        color: #495057;\r\n    }\r\n\r\n        ::-ms-input-placeholder { \r\n          color:#495057;\r\n        }\r\n\r\n\r\n        input:-webkit-autofill {\r\n            background-color: transparent !important;\r\n            -webkit-box-shadow: 0 0 0px 1000px white inset !important; \r\n            box-shadow: 0 0 0px 1000px white inset !important;\r\n            color: #495057 !important; \r\n        }\r\n\r\n        \r\n        input {\r\n            color:#495057 !important;\r\n        }\r\n\r\n\r\n    @media screen and (max-width: 480px) {\r\n        .boxDiv {\r\n            display: block !important;\r\n            padding: 15px !important;\r\n         \r\n        }\r\n\r\n        .image{\r\n        width: 80% !important;\r\n         margin-bottom: 14px;\r\n        }\r\n        .fieldHeading {\r\n            text-align: left !important;\r\n            margin: unset !important;\r\n        }\r\n\r\n        .boxConsult {\r\n            width: unset !important;\r\n            float: none !important;\r\n        }\r\n\r\n        .mainBox {\r\n            border: unset !important;\r\n        }\r\n\r\n        .formSec {\r\n            float: unset !important;\r\n            width: 100% !important;\r\n        }\r\n\r\n        .formSecTwo {\r\n            text-align: center !important;\r\n        }\r\n\r\n        .tnp-email {\r\n            width: 90% !important;\r\n        }\r\n\r\n        .formHeading {\r\n            margin-bottom: unset !important;\r\n        }\r\n\r\n         .email-icon {\r\n            position: absolute;\r\n            right: 25px;\r\n            top: 58%;\r\n            transform: translateY(-50%);\r\n            pointer-events: none; \/* Make sure the icon doesn't block clicking on the input *\/\r\n        }\r\n       \r\n        .email-container{\r\n             position: relative;\r\n        }\r\n\r\n    }\r\n<\/style>\r\n\r\n<body>\r\n\r\n    <div class=\"mainBox\" box-sizing:=\"\" border-box;=\"\">\r\n\r\n        <div class=\"boxDiv\">\r\n\r\n            <div class=\"boxConsult\">\r\n                <div>\r\n                    <h3 class=\"formHeading\" style=\" font-size: 16px !important;\">\r\n                        Book a Free Demo Call with Our People Security Expert<\/h3>\r\n                <\/div>\r\n                <img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/form.svg\" class=\"image\">\r\n            <\/div>\r\n\r\n            <div class=\"formSec\">\r\n                <div class=\" formSecTwo\">\r\n                    <h4 style=\"margin-top: 0; font-size: 16px !important;\">Enter your details<\/h4>\r\n                    <div class=\"tnp tnp-subscription-minimal\">\r\n                        <form action=\"https:\/\/threatcop.com\/thankyou-blog\" method=\"get\" target=\"_blank\">\r\n                            <div class=\"email-container\" style=\"margin-bottom:20px;\">\r\n\r\n                                <input class=\"tnp-email\" type=\"text\" required=\"\" name=\"FullName\" value=\"\"\r\n                                    placeholder=\"Full Name\">\r\n                                    <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon01.svg\" class=\"img-fluid\" \/><\/span>\r\n                            <\/div>\r\n\r\n                            <div class=\"email-container\" style=\"margin-bottom:20px;\">\r\n                               \r\n                                <input class=\"tnp-email\" type=\"email\" required=\"\" name=\"email\" value=\"\"\r\n                                    placeholder=\"Corporate Email Id\">\r\n                                     <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon02.svg\" class=\"img-fluid\" \/><\/span>\r\n                            <\/div>\r\n\r\n                            <div class=\"email-container\" style=\"margin-bottom:20px;\">\r\n                               \r\n                                <input class=\"tnp-email\" type=\"text\" required=\"\" name=\"CompanyName\" value=\"\"\r\n                                    placeholder=\"Company Name\">\r\n                                    <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon03.svg\" class=\"img-fluid\" \/><\/span>\r\n\r\n                            <\/div>\r\n\r\n                            <div class=\"email-container\">\r\n                               \r\n                                <input class=\"tnp-email\" type=\"number\" required=\"\" name=\"Phone\" value=\"\"\r\n                                    placeholder=\"Phone No.\"><br>\r\n                                    <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon04.svg\" class=\"img-fluid\" \/><\/span>\r\n                            <\/div>\r\n                            <input type=\"hidden\" name=\"BlogForm\" value=\"BlogForm\"><br>\r\n                            <input class=\"tnp-submit interestedBtn\" name=\"submit\" type=\"submit\"\r\n                                value=\"SUBMIT\">\r\n\r\n                        <\/form>\r\n                    <\/div>\r\n                <\/div>\r\n            <\/div>\r\n\r\n        <\/div>\r\n    <\/div>\r\n\r\n<\/body>\r\n\r\n<\/html>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"400_Million_Hit_to_Profits_and_Counting\"><\/span><span style=\"color: #000000;\"><b>\u00a3400 Million Hit to Profits and Counting<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">It is estimated that this attack could cost M&amp;S around \u00a3400 million in profits this year. That&#8217;s about 30% of annual profits wiped out in almost no time! It is bigger than a number on a page.&nbsp;<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">That loss is measured in disrupted supply chains, annoyed customers, lost sales, and manual workarounds costing the company. The online store only shut down for just under 1 month, but it could be the end of July until the company returns to full working order. Share prices have dropped, suppliers had to shift to manual ordering processes, and consumers faced delays or stock shortages.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Their CEO, Stuart Machin, called it &#8220;a highly sophisticated and targeted incident.&#8221; Just a year ago, the company participated in cyberattack exercises; however, the hackers still got through.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Why_Should_Your_Organization_Care_About_This_Hit\"><\/span><span style=\"color: #000000;\"><b>Why Should Your Organization Care About This Hit?<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">If a company as mature as M&amp;S can experience this extent of disruption, it should wake everyone up. Here are some key reminders this incident raises:<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span style=\"color: #000000;\"><b>Ransomware Attacks Are Not Just Technology, But People, Too.<\/b><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Hackers manipulated the situation using social engineering. This shows that no matter how effective your firewalls or your antivirus are, if a staff member or partner makes a mistake, intruders will get in. Phishing, impersonation, or lenient third-party governance are still highly hazardous.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span style=\"color: #000000;\"><b>Third-Party Risk Is Real and Expensive<\/b><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">The breach was a result of a third-party situation. If your vendors, suppliers, or contractors have lax security, they represent your <a href=\"https:\/\/threatcop.com\/blog\/weakest-link-in-cyber-security\/\">weakest link<\/a>. This attack should remind all of us to regularly audit and manage third-party risks purposefully.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span style=\"color: #000000;\"><b>Have a Business Continuity Plan<\/b><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">M&amp;S was able to take the website offline quickly to protect both customers and systems, which was a difficult but necessary decision. Their previous mock testing of how to respond to a cyberattack allowed them to react quickly. A well-trained and tested plan can be the difference between chaos and order.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span style=\"color: #000000;\"><b>The Financial Fallout Is Not Just Ransom<\/b><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Even if a ransom is not paid (M&amp;S has not disclosed), the costs of the attack continue to mount: lost revenue, forced logistics, reputational damage, increased insurance premiums, possible fines for the data breach, etc. <a href=\"https:\/\/threatcop.com\/blog\/cybersecurity-for-insurance-companies\/\">Cyber insurance<\/a> may assist, but it is unlikely to cover all the damages to M&amp;S.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span style=\"color: #000000;\"><b>Recovery Takes Time and Perseverance<\/b><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">M&amp;S has stated that after three weeks they can expect to restart their full online operations in three months. So for your organization, incident response is not just the breach but managing the business impacts over weeks, if not months.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_Can_You_Do_Now\"><\/span><span style=\"color: #000000;\"><b>What Can You Do Now?<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">First, start an employee awareness and social engineering program and assess the level of preparedness of your team and vendors. Are your employees and vendors able to recognize phishing or social engineering attempts? How often does your organization test and train your employees?<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Start a phishing simulation and run realistic simulations of current hacker tactics. Along with this, conduct vendor security assessments focused on access controls and incident response plans.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Wrapping_Up\"><\/span><span style=\"color: #000000;\"><b>Wrapping Up!<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">The Marks &amp; Spencer cyberattack is a stark reminder. No organization is immune from advanced threats, and the financial costs of complacency are very high. Their experience also shows that a well-constructed level of preparedness and prompt and open response to threats can significantly weather the storm.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">You need to think through the following questions to navigate the storms:&nbsp;<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400; color: #000000;\">How prepared are we if a critical business period is hit by a high-impact attack?\u00a0<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400; color: #000000;\">What flaws could a clever social engineering trick reveal?<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400; color: #000000;\">Now is the time to review, rehearse, and reinforce.<\/span><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">As an easy way to create an overall strategy, you can utilize a four-step formula. Assess your employees, engage more awareness in your teams, protect your system, and empower them.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you&#8217;ve been following the news, you will have heard about the major cyber disruption experienced by Marks &amp; Spencer (M&amp;S). Over the Easter weekend, this iconic UK retailer&#8217;s online services, including click-and-collect, payment systems, and online ordering, stopped working. The company confirmed it was a cyberattack, and cybersecurity experts believe it was ransomware delivered [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":12689,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-12688","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-people-security-insights"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How Did a Cyberattack Shake Marks &amp; Spencer?<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/threatcop.com\/blog\/how-did-a-cyberattack-shake-marks-spencer\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How Did a Cyberattack Shake Marks &amp; Spencer?\" \/>\n<meta property=\"og:description\" content=\"If you&#8217;ve been following the news, you will have heard about the major cyber disruption experienced by Marks &amp; Spencer (M&amp;S). Over the Easter weekend, this iconic UK retailer&#8217;s online services, including click-and-collect, payment systems, and online ordering, stopped working. The company confirmed it was a cyberattack, and cybersecurity experts believe it was ransomware delivered [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/threatcop.com\/blog\/how-did-a-cyberattack-shake-marks-spencer\/\" \/>\n<meta property=\"og:site_name\" content=\"Threatcop\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-05-29T13:03:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-30T13:32:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2025\/05\/unnamed-1-min.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"900\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Threatcop\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatcop\" \/>\n<meta name=\"twitter:site\" content=\"@threatcop\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Threatcop\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/how-did-a-cyberattack-shake-marks-spencer\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/how-did-a-cyberattack-shake-marks-spencer\\\/\"},\"author\":{\"name\":\"Threatcop\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/person\\\/e4db27ffd37219d73fc6b40cc9d45cfa\"},\"headline\":\"How Did a Cyberattack Shake Marks &amp; Spencer?\",\"datePublished\":\"2025-05-29T13:03:00+00:00\",\"dateModified\":\"2025-05-30T13:32:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/how-did-a-cyberattack-shake-marks-spencer\\\/\"},\"wordCount\":928,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/how-did-a-cyberattack-shake-marks-spencer\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/unnamed-1-min.jpg\",\"articleSection\":[\"People Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/threatcop.com\\\/blog\\\/how-did-a-cyberattack-shake-marks-spencer\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/how-did-a-cyberattack-shake-marks-spencer\\\/\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/how-did-a-cyberattack-shake-marks-spencer\\\/\",\"name\":\"How Did a Cyberattack Shake Marks & Spencer?\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/how-did-a-cyberattack-shake-marks-spencer\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/how-did-a-cyberattack-shake-marks-spencer\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/unnamed-1-min.jpg\",\"datePublished\":\"2025-05-29T13:03:00+00:00\",\"dateModified\":\"2025-05-30T13:32:55+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/how-did-a-cyberattack-shake-marks-spencer\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/threatcop.com\\\/blog\\\/how-did-a-cyberattack-shake-marks-spencer\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/how-did-a-cyberattack-shake-marks-spencer\\\/#primaryimage\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/unnamed-1-min.jpg\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/unnamed-1-min.jpg\",\"width\":900,\"height\":600,\"caption\":\"How Did a Cyberattack Shake Marks & Spencer\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/how-did-a-cyberattack-shake-marks-spencer\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How Did a Cyberattack Shake Marks &amp; Spencer?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\",\"name\":\"Threatcop\",\"description\":\"Cybersecurity Blogs, News, Updates, and Articles\",\"publisher\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\",\"name\":\"Threatcop\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/threatcop-logo-black-1.png\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/threatcop-logo-black-1.png\",\"width\":432,\"height\":102,\"caption\":\"Threatcop\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/people\\\/Threatcop\\\/100083109892339\\\/\",\"https:\\\/\\\/x.com\\\/threatcop\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/threatcop\\\/\",\"https:\\\/\\\/www.instagram.com\\\/threatcop_official\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/person\\\/e4db27ffd37219d73fc6b40cc9d45cfa\",\"name\":\"Threatcop\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"caption\":\"Threatcop\"},\"sameAs\":[\"https:\\\/\\\/threatcop.com\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How Did a Cyberattack Shake Marks & Spencer?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/threatcop.com\/blog\/how-did-a-cyberattack-shake-marks-spencer\/","og_locale":"en_US","og_type":"article","og_title":"How Did a Cyberattack Shake Marks & Spencer?","og_description":"If you&#8217;ve been following the news, you will have heard about the major cyber disruption experienced by Marks &amp; Spencer (M&amp;S). Over the Easter weekend, this iconic UK retailer&#8217;s online services, including click-and-collect, payment systems, and online ordering, stopped working. The company confirmed it was a cyberattack, and cybersecurity experts believe it was ransomware delivered [&hellip;]","og_url":"https:\/\/threatcop.com\/blog\/how-did-a-cyberattack-shake-marks-spencer\/","og_site_name":"Threatcop","article_publisher":"https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/","article_published_time":"2025-05-29T13:03:00+00:00","article_modified_time":"2025-05-30T13:32:55+00:00","og_image":[{"width":900,"height":600,"url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2025\/05\/unnamed-1-min.jpg","type":"image\/jpeg"}],"author":"Threatcop","twitter_card":"summary_large_image","twitter_creator":"@threatcop","twitter_site":"@threatcop","twitter_misc":{"Written by":"Threatcop","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/threatcop.com\/blog\/how-did-a-cyberattack-shake-marks-spencer\/#article","isPartOf":{"@id":"https:\/\/threatcop.com\/blog\/how-did-a-cyberattack-shake-marks-spencer\/"},"author":{"name":"Threatcop","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/person\/e4db27ffd37219d73fc6b40cc9d45cfa"},"headline":"How Did a Cyberattack Shake Marks &amp; Spencer?","datePublished":"2025-05-29T13:03:00+00:00","dateModified":"2025-05-30T13:32:55+00:00","mainEntityOfPage":{"@id":"https:\/\/threatcop.com\/blog\/how-did-a-cyberattack-shake-marks-spencer\/"},"wordCount":928,"commentCount":0,"publisher":{"@id":"https:\/\/threatcop.com\/blog\/#organization"},"image":{"@id":"https:\/\/threatcop.com\/blog\/how-did-a-cyberattack-shake-marks-spencer\/#primaryimage"},"thumbnailUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2025\/05\/unnamed-1-min.jpg","articleSection":["People Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/threatcop.com\/blog\/how-did-a-cyberattack-shake-marks-spencer\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/threatcop.com\/blog\/how-did-a-cyberattack-shake-marks-spencer\/","url":"https:\/\/threatcop.com\/blog\/how-did-a-cyberattack-shake-marks-spencer\/","name":"How Did a Cyberattack Shake Marks & Spencer?","isPartOf":{"@id":"https:\/\/threatcop.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/threatcop.com\/blog\/how-did-a-cyberattack-shake-marks-spencer\/#primaryimage"},"image":{"@id":"https:\/\/threatcop.com\/blog\/how-did-a-cyberattack-shake-marks-spencer\/#primaryimage"},"thumbnailUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2025\/05\/unnamed-1-min.jpg","datePublished":"2025-05-29T13:03:00+00:00","dateModified":"2025-05-30T13:32:55+00:00","breadcrumb":{"@id":"https:\/\/threatcop.com\/blog\/how-did-a-cyberattack-shake-marks-spencer\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/threatcop.com\/blog\/how-did-a-cyberattack-shake-marks-spencer\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/how-did-a-cyberattack-shake-marks-spencer\/#primaryimage","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2025\/05\/unnamed-1-min.jpg","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2025\/05\/unnamed-1-min.jpg","width":900,"height":600,"caption":"How Did a Cyberattack Shake Marks & Spencer"},{"@type":"BreadcrumbList","@id":"https:\/\/threatcop.com\/blog\/how-did-a-cyberattack-shake-marks-spencer\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/threatcop.com\/blog\/"},{"@type":"ListItem","position":2,"name":"How Did a Cyberattack Shake Marks &amp; Spencer?"}]},{"@type":"WebSite","@id":"https:\/\/threatcop.com\/blog\/#website","url":"https:\/\/threatcop.com\/blog\/","name":"Threatcop","description":"Cybersecurity Blogs, News, Updates, and Articles","publisher":{"@id":"https:\/\/threatcop.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/threatcop.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/threatcop.com\/blog\/#organization","name":"Threatcop","url":"https:\/\/threatcop.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/06\/threatcop-logo-black-1.png","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/06\/threatcop-logo-black-1.png","width":432,"height":102,"caption":"Threatcop"},"image":{"@id":"https:\/\/threatcop.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/","https:\/\/x.com\/threatcop","https:\/\/www.linkedin.com\/company\/threatcop\/","https:\/\/www.instagram.com\/threatcop_official\/"]},{"@type":"Person","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/person\/e4db27ffd37219d73fc6b40cc9d45cfa","name":"Threatcop","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","caption":"Threatcop"},"sameAs":["https:\/\/threatcop.com"]}]}},"_links":{"self":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/12688","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/comments?post=12688"}],"version-history":[{"count":2,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/12688\/revisions"}],"predecessor-version":[{"id":12693,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/12688\/revisions\/12693"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/media\/12689"}],"wp:attachment":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/media?parent=12688"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/categories?post=12688"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/tags?post=12688"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}