Fallout from the M&S cyberattack entered its second week on Friday, leaving one of the UK’s top retailers unable to process online orders. Marks & Spencer’s website and app remain offline for clothing and home purchases after a serious cybersecurity breach that surfaced over the Easter weekend.
The company stopped taking orders on April 25, affecting both click-and-collect and contactless payment systems. So far, the attack has wiped approximately £700 million ($930 million) off M&S’s market value.
Meanwhile, Co-op Group disclosed a separate cyberattack. On Friday, it confirmed that hackers stole personal data from a significant number of its current and former members. Stolen information includes names, contact details, and birthdates, raising concerns over potential identity theft.
While these incidents unfolded, Harrods also reported a cybersecurity breach. Though investigators haven’t confirmed any links between the cases, experts say the rising vigilance following the M&S breach may have led to quicker detection of other attacks.
Ciaran Martin, former head of the National Cyber Security Centre (NCSC), emphasized that no evidence connects the M&S, Co-op, and Harrods breaches. However, he warned that if such an attack can target M&S, “it can happen to anybody.”
On Friday, M&S CEO Stuart Machin apologized to customers via email. He reassured shoppers that teams are working “day and night” to resolve the situation. Still, he provided no timeline for when online services would resume.
With roughly one-third of M&S’s clothing and home sales coming from its online platform, the financial impact is expected to grow daily. Analysts predict a short-term hit to profits, especially as the retailer misses sales during a stretch of record May weather.
Some food product availability has also been affected in stores. In addition, M&S has quietly removed job listings from its website, suggesting the disruption may be impacting other business operations.
Shares in M&S fell 1% on Friday, bringing total losses since Easter to about 9%. The company has yet to quantify the total financial damage.
The Co-op cyberattack was first disclosed on Wednesday. However, by Friday, it became clear that the scale of the breach was far larger than initially believed. The attack exposed sensitive customer information, leading to increased pressure on the company to improve its data security protocols.
Retail industry leaders say these incidents highlight a growing threat. Helen Dickinson, CEO of the British Retail Consortium, warned that cyberattacks are becoming “increasingly sophisticated.” She noted that retailers must spend hundreds of millions annually to defend against such threats.
According to BleepingComputer, the M&S attack may have involved a ransomware group called “Scattered Spider.” Multiple sources indicated that the collective encrypted the retailer’s servers, forcing the company offline.
The NCSC is currently working with affected businesses. In parallel, the Metropolitan Police’s Cyber Crime Unit and the National Crime Agency (NCA) are investigating the M&S incident.
Richard Horne, a senior official at the NCSC, called the situation a “wake-up call” for all organizations. He urged companies to prioritize cybersecurity as a matter of national interest.
Labour lawmaker Matt Western, who chairs Parliament’s Joint Committee on the National Security Strategy, said the government must act. He urged the state to treat ransomware as a critical threat and finalize its national cybersecurity strategy without delay.
In recent years, British institutions—including Transport for London and health labs—have suffered severe breaches, often requiring months to recover. The M&S case now joins a growing list of high-profile cyberattacks that have disrupted services, exposed data, and shaken public confidence.