Marks & Spencer Cyberattack Causes 46-Day Online Shutdown

In April 2025, the Scattered Spider hacking group attacked Marks & Spencer by social-engineering the IT service desk into resetting an employee's credentials. They deployed DragonForce ransomware, forcing M&S to suspend all online and mobile orders on April 25.

The attack cost approximately 300 million GBP in lost profit and wiped 750 million GBP off M&S's market value. Online orders did not resume until June 10, 2025 — a 46-day hiatus. This is one of the UK's largest retail cyberattacks.