M&S Cyber Attack Led to Empty Shelves & Add to the Case for AI Defences

Marks & Spencer (M&S), a major British grocer,  is still counting the cost of a ransomware attack that struck over the Easter weekend (27–28 April 2025). The intrusion, attributed by several security analysts to the Scattered Spider affiliate of ALPHV/BlackCat, entered the retailer’s network via a third-party contractor. Within hours, the attackers exfiltrated customer contact details and order histories though not payment data and encrypted key back-office systems, forcing it to suspend online orders and disrupt store deliveries. M&S told investors the outage would shave up to £300m ($405m) off annual operating profit, and that full e-commerce functionality is unlikely before July 2025.

M&S has accelerated a previously planned migration to zero-trust architecture. The breach highlights a rising tide of attacks on UK grocers. In December 2024, Morrisons suffered a week-long point-of-sale disruption traced to a credential-stuffing campaign. Last month the Co-op confirmed it had repelled a similar incursion, warning that “loss of control” events are becoming routine across food retail.

Cyber-forensics firm Decta says the sector’s thin margins drive dependence on shared logistics platforms, creating single points of failure that sophisticated crews increasingly exploit.

M&S’s swift decision to voluntarily take its systems offline limited ransomware propagation but prolonged recovery, illustrating the trade-off between containment and business continuity.

The episode is a reminder that operational resilience is now as critical to retailers as inventory management. Insurers report that UK retail cyber-premiums have already risen 15 % year-on-year, especially with the rise of generative AI, and most expect mandatory supply-chain security audits to follow once regulators publish final findings. This is also not the first time that hackers have gained access to a major company by initially targeting one of their suppliers, implying that companies will now need to conduct firmer cyber due diligence tests and audits on their supply chain as well.