London, May 2: British retailer Marks & Spencer is grappling with a major ransomware attack that has crippled internal systems and disrupted operations, prompting comparisons with other high-profile cyber incidents and reigniting concerns across the retail and public sectors.
The company has released only limited public information about the attack and has not made senior officials available for interviews. However, online accounts from individuals claiming to be M&S employees describe widespread outages, a return to manual processes using pen and paper, and logistical issues including both product shortages and overstock that led to food waste.
“It’s like going back in time,” one purported employee wrote on Reddit, noting that head office staff were working weekends to manage the fallout.
The incident comes amid a broader surge in cyber threats, particularly ransomware – a form of malicious software used by hackers to lock systems and demand payment in exchange for restored access. The attack on M&S follows a similar disruption at UK supermarket chain Co-op, which also shut down some of its IT systems this week.
The M&S breach echoes past incidents experienced by organisations across various sectors. In 2021, the Harris Federation – a group of 55 schools in London and Essex – was targeted by Russian ransomware group REvil, which demanded a $4 million payment. The school network refused to pay, instead working with cyber specialists and a hostage negotiator to stall the hackers while systems were rebuilt.
“We lost access to lesson plans, registration systems, even medical records,” Sir Dan Moynihan, CEO of the Harris Federation, told the BBC. The recovery took three months and cost £750,000, with 30,000 devices needing to be “cleaned.”
Similarly, wedding dress designer Catherine Deane described the hacking of her company’s Instagram account as “devastating” and called the ordeal of dealing with platform owner Meta “almost traumatising.”
Healthcare services have also been impacted. In June 2024, a ransomware attack on pathology provider Synnovis severely disrupted blood transfusion services at several London hospitals. “We’re having to manually process blood samples, which is time-consuming and resource-heavy,” said Dr. Anneliese Rigby of King’s College Hospital at the time.
Retailers and other businesses are ramping up cyber defences in response to the growing threat. “We’re patching like mad,” one retail executive said, referencing the frantic push to update software and security protocols. Sir Charlie Mayfield, former chairman of John Lewis, warned that the rise of digital services in retail has made companies increasingly vulnerable. “As technology becomes more pervasive, the risk of this kind of attack rises with it,” he said.
A recent UK government cybersecurity breaches survey found that 74% of large businesses were targeted by cyber attacks in the past year. With M&S still working to restore its systems and the full scope of the breach unclear, the incident has underscored the growing frequency and impact of ransomware attacks on both commercial and public institutions.