21.05.25
Food, clothing and homeware retailer Marks & Spencer (M&S) is working around the clock to recover from a significant cyber-attack that has cost it “millions of pounds in lost sales and a lower share price”, according to the BBC. Other retailers, the Co-op and Harrods, recently reported similar attacks that forced them to temporarily shut down parts of their IT systems. These attacks are a stark reminder of the potential vulnerabilities in digital systems and the importance of robust cyber-security measures.
National Cyber Security Centre (NCSC) CEO Dr Richard Horne said, “These incidents should act as a wake-up call to all organisations. I urge leaders to follow advice on the NCSC website to ensure they have appropriate measures in place to help prevent attacks and respond and recover effectively.”
M&S first reported problems over the Easter weekend when it experienced issues with click-and-collect orders and contactless payments. By Tuesday, 22nd April, the retailer had confirmed it had experienced a cyber-incident and was forced to stop taking online and phone orders. Although the breach did not involve customer data, its operational and financial impact could take months to recover from. In fact, the fallout from the incident is costing M&S £15 million weekly, according to Deutsche Bank analysts, and the retailer’s share price has plummeted.
Although it’s not known who is responsible for the cyber-attack, a hacking collective is thought to be involved. The incident stemmed from a ransomware attack that leveraged social engineering techniques to reset an employee’s password, which was then used to breach the network.
Following the attack, the NCSC urged organisations to review their IT help desk password reset processes to reduce their chances of getting hacked. In particular, help desks should reassess how they authenticate staff members and consider having a code word for employees to use when they make contact to change their credentials. The Police and the National Crime Agency are working with M&S to investigate the cyber-attack, and further details may be made available in due course.
In light of the recent cyber-attacks on retailers, organisations across sectors should review their cyber-hygiene measures to reduce the likelihood of falling victim to similar breaches. Additionally, robust cyber-insurance and business interruption cover can help safeguard companies financially against cyber-threats.
Contact us today for additional risk mitigation measures and insurance solutions.
Contains public sector information published by GOV.UK and licensed under the Open Government Licence v3.0.
Information provided by Zywave with contribution from Lisa Langley, Cert CII, Team Leader, Professional Risks, Cox Mahon Ltd.
The content of this publication is of general interest and is not intended to apply to specific circumstances or jurisdiction. It does not purport to be a comprehensive analysis of all matters relevant to its subject matter. The content should not, therefore, be regarded as constituting legal advice and not be relied upon as such. In relation to any particular problem which they may have, readers are advised to seek specific advice from their own legal counsel. Further, the law may have changed since first publication and the reader is cautioned accordingly. © 2025 Zywave, Inc. All rights reserved.