Marks & Spencer Cyberattack: Recovery in Full Swing
Overview:
In late April, M&S suffered a “highly sophisticated” ransomware attack, likely by the Scattered Spider (DragonForce) group, originating via a third-party vendor. The breach disrupted contactless payments, click-and-collect services, and online shopping. CEO Stuart Machin confirmed the incident during the company’s AGM. (Sources: theguardian.com, reuters.com, computerweekly.com)
Impact & Cost:
- Estimated £300 million operating profit hit (≈ $400 million), partially offset by insurance and cost controls (sources: thesun.co.uk, theguardian.com, retail-systems.com)
- Daily online sales dropped ~22%; in-store sales fell ~15% due to offline systems (source: theregister.com)
Recovery Timeline:
- May–June: Phased service restoration; clothing, home, and beauty products gradually relaunched (sources: thescottishsun.co.uk, retail-systems.com, thesun.co.uk)
- By August: Full restoration expected, with click-and-collect, next-day delivery, and the Donington distribution center back online (sources: thescottishsun.co.uk, theguardian.com, thesun.co.uk)
Lessons & Next Steps:
- Catalyst for accelerated tech transformation, compressing a two-year plan into six months (sources: retail-systems.com, cybersecuritydive.com, computerweekly.com)
- Refreshed cybersecurity protocols: vendor audits, hardened help-desk operations, stronger MFA, and offline backups