Inside the Cyberattack That Crippled M&S and UK Retail Giants

In a striking display of cyber warfare, UK Retail Giants heavyweights Marks & Spencer (M&S), Co-op, and Harrods became the targets of a highly coordinated cyberattack in April and May 2025, disrupting operations at an unprecedented scale. M&S bore the brunt, with its entire online clothing platform disabled for 46 days, leading to losses estimated at £300 million in operating profit.

The attack sent shockwaves through the British retail sector. At Co-op, systems managing inventory and payments were crippled, leaving stores unable to process transactions or restock shelves efficiently. Harrods, while less impacted publicly, confirmed its internal systems were compromised, prompting the retailer to sever parts of its network from the internet to contain the breach.

Anatomy of the Attack: Sophistication Meets Social Engineering

Security investigators revealed the attacks were executed using a combination of ransomware deployment and social engineering tactics, notably phishing, impersonation, and SIM-swapping. The criminals managed to hijack internal communications, even delivering a ransom message directly to Marks & Spencer CEO Stuart Machin via a spoofed employee email.

Experts believe the attackers were affiliated with Scattered Spider, a cybercrime group known for exploiting human vulnerabilities rather than just technical ones. Their strategy involves impersonating IT staff to extract login credentials and bypass internal security. Once inside, attackers likely deployed ransomware provided by DragonForce, a “ransomware-as-a-service” group offering custom tools to criminal clients.

This approach reflects a growing trend: hackers no longer simply “break in” through firewalls—they talk their way in, posing as trusted figures and manipulating access through phone calls, emails, and help desk portals.

Fallout, Industry Reckoning, and What Comes Next

The Marks & SpencerS breach was so severe that even its click-and-collect and returns systems were affected. Chairman Archie Norman, speaking to Parliament, called the incident “a wake-up call” and urged the government to mandate reporting of all major cyberattacks, citing a widespread culture of under-reporting in UK industries.

The full restoration of services is not expected until August. Meanwhile, Harrods and Co-op continue to audit systems and strengthen defences. In response, the National Cyber Security Centre (NCSC) has advised businesses to adopt stronger identity verification, multi-factor authentication, and crisis response protocols.

More broadly, this attack has sparked alarm over the rising role of young, tech-savvy individuals in organised cybercrime. Many groups now recruit from social platforms and gaming forums, blurring the lines between amateur hackers and professional syndicates.

The cyberattack on Marks & Spencer and its peers wasn’t just a breach of data; it was a breach of trust, resilience, and preparedness. As ransomware becomes more human-led and socially engineered, the attack has spotlighted a hard truth for UK Retail Giants : digital defences must evolve as fast as the threats they’re up against.