London: A ransomware assault by the hacker group Scattered Spider disrupted Marks & Spencer’s online sales and supply chain, forcing manual processes and causing physical stock shortages. The attack threatens £300m in losses and highlights vulnerabilities in third-party digital platforms crucial to modern retail operations.
A recent ransomware attack has laid bare the vulnerabilities within modern retail supply chains, with Marks & Spencer (M&S) serving as a stark case study of the operational fragility that can ensue from such breaches. Following an incident in late April, the retailer's digital infrastructure was severely disrupted, leading to the suspension of online sales and forcing operational teams into a reliance on manual processes to manage inventory and fulfilment.
M&S's e-commerce platform, which typically generates approximately £3.8 million in daily sales, remains offline. Consequently, physical stores have faced sporadic food shortages as logistics efforts have been hampered. Suppliers have reverted to archaic pen-and-paper ordering systems, while distribution schedules have been strained in a bid to maintain availability. In a further blow to customer service, M&S has paused its click-and-collect services and taken job listings offline. Although the company asserts that sensitive payment and password information remained secure, it has acknowledged the compromise of customer data, including names and order histories. This incident not only highlights the immediate impact of the breach but also signals potential long-term reputational damage.
The cyberattack, attributed to the group Scattered Spider, employed a ransomware-as-a-service platform called DragonForce. This group has been linked to other attacks on notable retail names such as Harrods and the Co-op, suggesting a troubling trend of targeted infiltrations within the sector. CEO Stuart Machin explained that the breach was facilitated through social engineering tactics directed at a third-party contractor, which allowed the attackers to gain pivotal credentials while impersonating trusted personnel. Although M&S has not disclosed the identity of the contractor involved, Tata Consultancy Services, its long-time IT partner, is currently undertaking an internal investigation to determine whether its systems were exploited as an entry point.
While M&S had enjoyed a successful financial year, reporting its best adjusted pretax profits in over 15 years—£876 million, a rise of over 22% from the previous year—the ransomware attack is poised to inflict significant financial strain, with losses potentially reaching £300 million for the fiscal year ending March 2026. The impending financial impacts are compounded by a £249 million non-cash impairment charge connected to M&S's investment in Ocado Retail. This dual disruption raises concerns regarding forward planning and procurement cycles, especially in areas that rely on just-in-time inventory and synchronous supplier inputs.
Despite these setbacks, investor confidence appears resilient. On the day of the earnings report, M&S shares rebounded by 2.6%, which analysts at Deutsche Bank interpreted as a sign of management’s assurance in addressing the situation. Such optimism may hinge on the company’s dual strategy to mitigate losses through insurance claims and tighter cost controls. However, the incident underscores a critical lesson for supply chain leaders across the industry: the necessity of treating digital platforms managed by third parties as integral to operations, deserving the same level of scrutiny and risk management as any strategic supplier.
As the repercussions of this attack unfold, it is evident that the stakes for cybersecurity have escalated, highlighting the interconnectedness of digital infrastructures and physical operations. The evolving landscape necessitates a reframing of cyber risk as a fundamental component of operational risk, demanding comprehensive resilience planning and recovery protocols to safeguard against future threats.
Source: Noah Wire Services
Noah Fact Check Pro
The draft above was created using the information available at the time the story first emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed below. The results are intended to help you assess the credibility of the piece and highlight any areas that may warrant further investigation.
Freshness check
Score: 8
Notes:
The narrative is based on a press release from SupplyChain 360, dated May 26, 2025. The earliest known publication date of similar content is April 30, 2025, in The Guardian, reporting on M&S's cyberattack and its impact on supply chains. ([theguardian.com](https://www.theguardian.com/business/2025/apr/30/marks-and-spencer-cyber-attack-products-run-short-in-some-stores?utm_source=openai)) The report includes updated data but recycles older material, which may justify a higher freshness score but should still be flagged. Additionally, the narrative has been republished across various low-quality sites and clickbait networks, which raises concerns about its originality. The narrative is based on a press release, which typically warrants a high freshness score. However, the recycling of older material and republishing across low-quality sites suggests a need for further scrutiny.
Quotes check
Score: 7
Notes:
The narrative includes direct quotes from M&S CEO Stuart Machin regarding the cyberattack. These quotes appear in earlier material, indicating potential reuse. The wording of the quotes varies slightly across sources, which may suggest paraphrasing or selective quoting. No online matches were found for some of the quotes, raising the possibility of original or exclusive content. However, the lack of consistent sourcing and potential paraphrasing diminishes the credibility of the quotes.
Source reliability
Score: 5
Notes:
The narrative originates from SupplyChain 360, a specialized publication focusing on supply chain issues. While it provides in-depth analysis, its niche focus may limit its reach and verification by broader audiences. The report mentions M&S's CEO and Tata Consultancy Services (TCS) in the context of the cyberattack. TCS is a well-known IT services company, but the report does not provide direct links or verifiable sources for these claims, raising concerns about the reliability of the information presented.
Plausibility check
Score: 6
Notes:
The narrative makes several claims about the cyberattack's impact on M&S, including a £300 million profit hit and operational disruptions. These claims are consistent with reports from reputable outlets like Reuters and The Financial Times, which have covered the incident extensively. ([reuters.com](https://www.reuters.com/business/retail-consumer/ms-slow-recovery-cyberattack-puts-it-risk-lasting-damage-2025-05-19/?utm_source=openai), [ft.com](https://www.ft.com/content/19dcd993-877e-43c5-aab4-c727e574e3f2?utm_source=openai)) However, the narrative lacks specific factual anchors, such as exact dates and detailed figures, which diminishes its credibility. The language and tone are consistent with industry reports, but the lack of supporting detail from other reputable outlets raises questions about the narrative's authenticity.
Overall assessment
Verdict (FAIL, OPEN, PASS): FAIL
Confidence (LOW, MEDIUM, HIGH): MEDIUM
Summary:
The narrative presents recycled content with potential reuse of quotes and lacks verifiable sources, leading to concerns about its originality and reliability. The absence of specific factual anchors and supporting details from other reputable outlets further diminishes its credibility. Given these issues, the narrative fails to meet the standards for a trustworthy report.