Marks & Spencer Website Hacked: Britain’s renowned retail company (Marks & Spencer) recently got hacked. This cyber attack shook the entire UK. This incident happened in April 2025, which not only shut down the company’s services but also raised many questions about customer privacy and data security.
In this article we will discuss how Marks & Spencers website got hacked, who was behind it, how much loss it occurred, and what lessons can be learned from this.
How did the cyber attack happen?
On a normal morning of april 2025, the Marks & Spencer website suddenly stops working. Customers were not able to order online, contactless payment were failing and the company’s delivery services were also disrupted.
Initially it was considered as a technical glitch, but after sometime it got clear that it was the result of a major cyber attack. Hackers entered into company’s I.T. system and taken control of website, data server and infrastructure.
Who was behind it?
Behind this attack, a famous cyber criminal group was revealed – Scattered Spider, also known as Octo Tempest. This group has been targeting big companies around the world for the last few years.
They have used a special ransomware on the Marks & Spencer website, which encrypted all company data and locked the whole system and inreturn hackers starts demanding ransom.
But the most shocking thing in this incident was that hackers used the method of social engineering instead of technical hacking. The attackers made fake calls to Marks & Spencer’s IT staff, posing as company staff, and gained access.
What was the Impact of this Cyber attack?
In this attack, Marks & Spencer suffered from huge loss. Let’s take a look at how –
- Online website shut down – the official website of M&S went down completely. Customers faced many troubles ordering clothes and other products, and online sales also were shut down for several weeks.
- Payment failure on Shops – services like Click & Collect and contactless payment were also affected.
- Customer concern – initially, company informed, customer’s data is safe. But after sometime they informed that few personal details like Email, Order details and payment details may have been leaked.
- Supply chain disrupted – The supply chain in the company’s food section broke down, leading to a shortage of products in stores.
How much loss was incurred?
Marks & Spencer has suffered a loss of £300 million. This includes the cost of online sales drop, restoring the system and hiring experts.
Not only this, the Company’s share fell sharply and in a few days Marks & Spencer lost over £1 billion in market value.
Customer reaction and public trust
Marks & Spencer has been a trusted UK firm for years, but this attack damanged their brand name. People on social media showed anger over order cancellations, lack of response from support, and concerts about data theft
The company apologised to the customers, offered a refund, and started a helpline, but rebuilding trust will take time.
Now the company is investigating in collaboration with Britain’s national Cyber Secuirty Centre (NCSC) and the information Commissioner’s Office (ICO). Many private cyber security firms are also invloved in this investigation.
Marks & Spencer told that they have the cyber insurance and they believe that some part of the loss will get covered. With this, now company is restoring all the system and giving a proper cyber training to their staff members.
My opinion
Cyber attack on a big and trusted company like Marks & Spencer taught us that no website is 100% secure. This incident is not just an attack on a brand, but its warning sign of every user’s digital rights and privacy.
According to me, now it’s the time, every company should prioritize cybersecurity. Just updating the technology is not enough, but it is also important to protect the staff from psychological tricks like social engineering.
With this, we as users should also be aware of fake emails, dodgy links, or fake calls. When the big companies’ websites can be hacked, then the common people’s digital identity can also become victim.
From these types of incidents, we should learn that security
In the digital world is not just a responsibility, but a necessity. And we have to take this necessity seriously.
About the Author
Duncan Paul Glasgow is a UK-based blogger focused on raising awareness about scams, promoting social well-being, and sharing positive, thought-provoking messages.
Read more: Russia-Ukraine War: A Deep Dive into the Conflict That Shook the World