M&S has found the likely culprit behind its cyber attack and a government intelligence agency is now on the case – but the retailer and its customers still face major challenges
Marks & Spencer is the Cadillac of grocery shops – flashy and expensive. But, as we’ve just found out, M&S slums it with the rest of them when it comes to cyber attacks.
The drama started on April 21, when the Mirror reported that contactless payments were down at M&S. While it may have just seemed like a temporary glitch at the time, the home of Colin the Caterpillar revealed just hours later that it had been hit by a cyber attack – and had already been dealing with it for days.
M&S chief executive Stuart Machin shared a statement with customers at the time, explaining: “I’m writing to let you know that over the last few days, M&S has been managing a cyber incident. To protect you and the business, it was necessary to temporarily make some small changes to our store operations, and I am sincerely sorry if you experienced any inconvenience.
“Importantly, our stores remain open, and our website and App are operating as normal. There is no need for you to take any action at this time and if the situation changes, we will let you know.”
So, the cyber attack started ‘a few days’ before April 21, and still isn’t solved today – but what does that mean for us? Plenty of customers are worried about online orders, availability of products, and, of course, sensitive data being leaked. Here’s what we know so far about where M&S and its shoppers stand.
A group called Scattered Spider is believed to be behind the major disruption, and you might walk past some members in their school uniform; it’s a hacking gang known to have some teenage members as young as 16.
According to BleedingComputer, the scarily cyber-savvy group initially started out in financial fraud, but has evolved to target corporations with the goal of extorting money. It has plenty of experience in the arena, having been linked to a cyberattack on MGM Resorts in September 2023 via its IT helpline for employees.
M&S have gone straight to the experts for help, enlisting the GCHQ’s National Cyber Security Centre – GCHQ is a government intelligence agency like MI5, with a focus on data and cyber security. In many ransomware cases like this, when hackers get into a system and take over its content they demand money for it to be released back to the owner.
These kinds of takeovers are often made with the threat that the data will be released to the dark web if demands aren’t met, meaning sensitive information would be for anyone to peruse or buy. At the moment M&S has given no suggestion that such a threat has been made – meaning that customer data might still be safe at present – but we haven’t been told anything about the motive of the Scattered Spider at all.
While M&S had spent days trying to fight back against the cyber attack behind closed doors before it became public, as soon as it started impacting customers the chain made a major loss.
The shopping chain has had to suspend all online sales, taking out a huge stream of income considering it reportedly makes around £3.8million in online sales per day. If that weren’t enough, its stock market valuation has dipped by £700 million, according to The Standard. It’s now even told some staff members not to bother going in.
M&S itself is naturally facing shortfalls, but customers are too. In some shops shelves are empty, with products either unavailable or limited. Theretailer has not confirmed how widespread the issue is, only noting that there were “pockets of limited availability in some stores”.
An M&S spokesperson said: “As part of our proactive management of the incident, we took a decision to take some of our systems temporarily offline. As a result, we currently have pockets of limited availability in some stores. We are working hard to get availability back to normal across the estate.”
While M&S says they’re working on getting enough stock back in, it’s still not known how long the cyber attack will impact the retailer as a whole – both financially and in terms of its reputation – or when the hackers will be booted out. Most importantly for customers, online orders might see a delay, products might be in full stock, and the safety of data is still up in the air.
However, it is worth noting that cyber attacks are unfortunately getting more and more common, meaning this isn’t an isolated incident. The best bet is to change your passwords if you’ve reused your M&S one just to be safe, and to make back up plans if your online order doesn’t arrive or the product you want isn’t on shelves – but all stores are open at present and hustling to get back to normal.
