What the M&S cyberattack can teach every UK business


If you’ve tried to stock up on your favourite T-shirts, pants or Percy Pigs lately, you’ll have been disappointed. Yep, online shopping has halted at British staple, Marks and Spencer. It’s not an attempt to revive the high street and boost in-store shopping (that’s been affected too). It’s the result of a sophisticated cyberattack.

The cyberattack has disrupted operations across all 1,049 M&S stores, as well as online orders. It’s sent shockwaves across the UK business community. It serves as a huge wake-up call, highlighting the devastating effects of a cyberattack.

Don’t be fooled into thinking that cyberattackers only focus on big players like M&S. They’re not that discerning. They’ll happily prey on big and small businesses. So, how can you protect your business from a cyberattack? Let’s start by looking at what happened to M&S, and what we can learn from the devastating incident.

About the M&S cyberattack

So, what actually happened to M&S?

A cybercrime group called Scattered Spider is believed to be behind the M&S cyberattack. The suspicious activity was detected over the Easter weekend. Stores across the country were affected, online shopping came to a halt, and the entire M&S operations were thrown into chaos.

Scattered Spider’s a notorious group of cybercriminals. They communicate and coordinate their activity on platforms like Discord and Telegram. You may be surprised to learn that they don’t fit the typical picture of a high-profile hacker – a Russian or North Korean cybercriminal (very James Bond villain). Scattered Spider appear to be English-speaking young adults based in the UK and US. They’re known to be responsible for successful attacks on two casino groups in the US. And they’re believed to be behind recent attacks on the Co-op and Harrods too.

The M&S attack wasn’t a quick, smash-and-grab job. The attackers had been lurking in M&S’s systems for months, collecting credentials and gathering sensitive information. Over Easter weekend, they hit the launch button, encrypting key systems and scrambling the company’s servers with ransomware. All IT systems were paralysed. Then they demanded a payout.

How did they do it?

Here’s the thing. It was like an old school con artist, convincing someone to do something for them. Scattered Spider’s known for tricking people into handing over access. It’s all about social engineering – manipulating someone into clicking a link or giving away a code.

According to the BBC, “The hackers used social engineering techniques, meaning they relied on human error or misjudgement, rather than a purely technological loophole… They gained access to M&S’s system via a ‘third party’ – a company working alongside the retailer – rather than accessing systems directly.”

This highlights that cybersecurity isn’t just an IT thing. It’s very much a people thing too.

What’s the impact?

M&S is reportedly facing a £300 million hit to their profits. A month after the incident, online orders are still down with no sign of them returning for some time.

“We expect online disruption to continue throughout June and into July as we restart, then ramp up operations,” said M&S.

The ripples of this attack will be felt across the business for a long time to come.

What you can learn from M&S

Firstly, it’s not just M&S. If your business relies on third-party suppliers or runs any part of its operations online (let’s face it, most do), you’re at risk too. In the 2025 Cyber Security Breaches Survey, 43% of businesses reported a security breach or attack in the past year. Phishing is the most common form of attack.

These cybercriminals are developing ever more sophisticated techniques. So, it’s important that you stay one step ahead of them (as much as possible). Protect your business and prepare for the worst.

These are three quick wins every UK business should implement:

Train your people

Human error is often the entry point for cybercriminals. Teach your team to spot dodgy emails, fake login screens and suspicious requests. It’s your first line of defence.

Make sure they know how to create super-strength passwords. And reinforce the importance of best practices like not sharing login details or security codes.

Secure your systems

It’s crucial to keep your IT set-up secure and up to date. Deploy round-the-clock security to reduce your risk of attack and make your communication intrinsically more secure. Our expert team can help with that, providing a range of cybersecurity services and ongoing support. We’ll give you peace of mind along with 24/7 protection.

Have a back-up plan

Nobody wants to think about worst-case scenarios, but cyberattacks are highly likely. Don’t bury your head in the sand. Make sure you’ve got a response strategy if something goes wrong. Knowing what needs to be done, and by whom, can save time and money when it matters most.

Fortunately for M&S, they had such a plan in place. They’d run a cyberattack simulation last year. That dummy run meant they had a business continuity plan ready to put into action. They knew how to respond quickly and who to call when the real-life attack happened.

We can work with you to get prepared too. We can simulate attacks on your system, assess potential IT vulnerabilities, and identify the remedies to improve your defences.

Your cybersecurity wake-up call

Have you been rattled by the attacks on M&S, the Co-op and Harrods (and that’s just for starters)? It gets you thinking, doesn’t it?

It’s not just high-street names that are vulnerable to cyberattacks; your business is too. Now’s the time to tighten up your defences, and we’re here to help.

At Mirus IT, we make cybersecurity simple, effective, and tailored to you. Together, we’ll help you to stay safe and resistant to attack.

Get in touch to talk security – from strategic advice to practical solutions.