M&S: Marks and Spencer Scattered Spider online cyber attack explained - the ongoing impact on UK shopping
- Cyberattack on Marks & Spencer has disrupted orders, payments, and recruitment since Easter
- Ransomware suspected, with hacking group Scattered Spider and the DragonForce tool linked to the breach
- Customers face suspended online orders and rising concerns over potential data exposure
- M&S recruitment halted, straining staff and service during a key retail period
- Similar attacks hit Harrods and Co-op, pointing to a broader cybersecurity crisis in UK retail
In recent weeks, a cyber attack on Marks & Spencer has laid bare the vulnerabilities at the heart of the UK retail sector - and the consequences for shoppers, staff, and businesses are continuing to unfold.
What began as a disruption over the Easter weekend has since ballooned into a nationwide issue, affecting everything from how customers place orders to how M&S recruits new staff.
And with similar attacks reported at Harrods and the Co-op, experts warn this is not an isolated event, but part of a wider, deeply troubling trend.


What happened?
The first signs of trouble at M&S emerged during the Easter weekend, when customers began experiencing issues with click-and-collect orders and contactless payments.
As the scale of the incident became clear, M&S shut down significant portions of its online infrastructure in response to what it described as a “cyber incident.”
This turned out to be a serious ransomware attack, widely believed - though not officially confirmed - to be the work of a hacking group known as Scattered Spider.
The attack was so disruptive that M&S suspended all online orders and pulled job listings from its website, effectively halting recruitment.
Cybersecurity experts believe that M&S fell victim to a ransomware-as-a-service attack - where criminal groups can purchase or rent powerful ransomware tools online. One such strain, called DragonForce, has been cited as a potential weapon used in the attack.
This strain specifically targets outdated systems and known software vulnerabilities, meaning any business with lapses in its security protocols becomes a ripe target.
According to Jake Moore of ESET, once a company like M&S is hit, it often triggers a domino effect across the sector.
“It’s typical for similar companies in the same sector to become secondary targets after a huge cyber attack,” he says. “Other hacking groups are also able to attempt their luck on similar businesses and start demanding ransoms where possible.”
Sure enough, Harrods and the Co-op reported cyber incidents shortly after M&S. Harrods restricted internet access at its locations after detecting unauthorised access attempts, while Co-op shut down parts of its IT infrastructure following a suspected breach.
Though the full details of these incidents remain unclear, cybersecurity professionals believe the attacks could be linked either through shared vulnerabilities in software or a common third-party supplier.
What does it mean for shoppers?
For M&S customers, the most immediate consequence is the suspension of all online orders, and whether you're looking to buy a spring outfit, stock up on homeware, or order your groceries online, you'll now have to visit a physical store.
For those hoping to take advantage of bank holiday sales or browse from the comfort of home, this disruption has meant a sudden return to old-school shopping habits.
Beyond the inconvenience, there's also growing anxiety over data security. While M&S has not confirmed any customer data breaches, the nature of ransomware attacks often involves the theft or encryption of sensitive information.
Until full transparency is provided, a cloud of uncertainty will hang over the company’s digital operations.
What does it mean for staff?
Customers also face a more indirect impact: fewer staff in stores and slower customer service.
With recruitment halted, M&S is missing out on hiring for potentially hundreds of roles, putting more pressure on existing employees and potentially limiting the quality of in-store service during a busy season.
While M&S has promised to restore services “as quickly as possible,” the effects of the attack will likely linger for months.
Customers may be more hesitant to use digital services, staff may face increased pressure as stores absorb the demands of online shoppers, and the business itself could suffer reputational damage, losing loyal customers to more resilient competitors.
What does it mean for businesses?
For M&S and other retailers, the incident has underscored the fragility of modern retail systems, and with businesses relying on interconnected online platforms, even a small breach can spiral into a full-blown operational crisis.
Toby Lewis of cybersecurity firm Darktrace points out that one weak link - whether in a software system or a third-party vendor - can compromise entire operations.
“It’s a lesson again in the growing difficulty large organisations have in securing against threats in their supply chain,” he says.
Cody Barrow, CEO of EclecticIQ, adds that cybercriminals are becoming bolder, using tools enhanced by artificial intelligence to carry out more frequent and more sophisticated attacks.
“Sophisticated phishing campaigns, deepfake social engineering, and adaptive malware are now within reach of even low-skilled attackers,” he says. The implication is clear: without rapid investment in cybersecurity, no retailer is truly safe.