Marks & Spencer breach linked to Scattered Spider ransomware attack

April 28, 2025 By Lawrence Abrams

Ongoing outages at British retail giant Marks & Spencer are caused by a ransomware attack believed to be conducted by a hacking collective known as "Scattered Spider" BleepingComputer has learned from multiple sources.

Marks & Spencer (M&S) is a British multinational retailer that employs 64,000 employees and sells various products, including clothing, food, and home goods in over 1,400 stores worldwide.

Last Tuesday, M&S confirmed it suffered a cyberattack that caused widespread disruption, including to its contactless payment system and online ordering. Today, Sky News reported that the disruption continues, with around 200 warehouse workers told to stay home as the company responds to the attack.

BleepingComputer has now learned that the ongoing outages are caused by a ransomware attack that encrypted the company's servers.

The threat actors are believed to have first breached M&S as early as February, when they reportedly stole the Windows domain's NTDS.dit file.

>>Full Article<<

Marks & Spencer Confirms Customer Data Stolen in Cyberattack

The British retailer said no account passwords were compromised in last month's cyberattack, but the company will require customers to reset passwords "for extra peace of mind."

May 14, 2025 By Kristina Beek

UK retailer Marks & Spencer (M&S) has revealed that the personal information of its customers, including telephone numbers, home addresses, and dates of birth, was stolen in a recent cyberattack on the company.

Marks & Spencer previously referred to the cyberattack as a cyber incident when it first reported the breach, initially stating that it was forced to make "minor, temporary changes" to store operations. It later acknowledged that it would have to pause online orders for customers as it tried to recover from the incident.

>>Full Article<<