London, April 30, 2025 – British retailer Marks & Spencer (M&S) is grappling with significant operational disruptions following a cyberattack attributed to the notorious hacking group known as Scattered Spider. For over a week, the retailer has been unable to process contactless payments, and customers have reported difficulties in shopping online.
The attack has led to hundreds of agency workers at M&S’s main distribution center being instructed to stay at home, exacerbating the situation as shoppers encountered empty shelves across the country. M&S confirmed that there are pockets of limited availability in some stores” as a result of the measures implemented to manage the cyber incident.
Scattered Spider, identified as one of the most active and dangerous hacking groups, has been linked to over 100 targeted attacks across various sectors, including telecoms, finance, retail, and gaming since its emergence in 2022. Graeme Stewart, head of public sector at security firm Check Point, noted that the group is composed mainly of young, English-speaking individuals, some believed to be as young as 16.
In a previous high-profile incident, Scattered Spider successfully locked the networks of casino operators Caesars Entertainment and MGM Resorts International, demanding large ransoms. Caesars reportedly paid around $15 million to restore its network, showcasing the financial motivations behind the group’s activities.
The group’s methods often exploit human vulnerabilities rather than technical flaws, utilizing tactics such as social engineering and SIM swapping to gain unauthorized access to systems. Jake Moore, a global cybersecurity adviser at ESET, indicated that the attack on M&S appears to be heavily financially motivated, placing additional pressure on the retailer to comply with demands due to its significant brand presence in British culture.
M&S has issued a statement acknowledging the cyber incident, indicating that they have paused taking orders via their websites and apps while assuring customers that their stores remain open. The retailer expressed regret for the inconvenience caused and emphasized that customers do not need to take any action at this time.
The ongoing situation highlights the increasing threat posed by organized cybercriminal networks like Scattered Spider, which continue to adapt and pose challenges for law enforcement and businesses alike.
