In April 2025, British retail giant Marks & Spencer (M&S) fell victim to a significant cyberattack that disrupted its operations and compromised customer data. The incident highlights the growing threat of cyberattacks on major corporations and raises an uncomfortable question: if a retail giant that spends heavily on cybersecurity is not safe, then who is? This event offers valuable cybersecurity lessons to businesses and consumers alike.
What Happened?
Over the Easter weekend, M&S experienced a sophisticated ransomware attack. According to the Economic Times, the attack is believed to have been orchestrated by the hacker group Scattered Spider, which is known for targeting large organisations using tactics such as social engineering and phishing. The group recently targeted Co-op and Harrods too, using DragonForce (an affiliate cybercrime service on the darknet) to carry out the attacks.
The attack led to unauthorised access to some customer data, including names, addresses, and order histories. Thankfully, M&S confirmed that no payment details or passwords were compromised.
The cyberattack severely impacted the business's online operations, pausing online orders and affecting contactless payments across stores. The company also had to pause its hiring processes as its systems were taken offline.
The Financial Impact
The attack had significant financial repercussions for M&S. According to the Times newspaper, analysts estimate weekly losses of around £15 million due to disrupted online sales, and M&S is expected to claim up to £100 million from its cyber insurance policy to cover the damages. On top of this, its share price has fallen 13% in the last month, despite having risen 29% since May last year.
Lessons in Cybersecurity
The M&S cyberattack highlights several key lessons:
- No One Is Immune to Cyberattacks: Even well-established companies with robust security measures can fall victim to cyberattacks.
- Incident Response Plans Are Vital: Having a well-defined incident response plan is crucial to mitigate damage and restore operations quickly.
- Employee Training Is Essential: Many cyberattacks exploit human vulnerabilities, which was the case in this incident. Regular training can help employees recognise and avoid phishing attempts and other social engineering tactics.
- Regular Security Audits Are Required: Conducting frequent security assessments can help identify and address vulnerabilities before they are exploited.
How Could This Attack Have Been Prevented?
There are several ways this attack could have been prevented. The first is Endpoint Detection & Response (EDR), which identifies and responds to suspicious behaviour on network endpoints as it happens, stopping cybercriminals in their tracks. EDR works by continuously monitoring and analysing activity on your network-connected devices, using automation and AI-based analysis to detect unusual or suspicious behaviour that may indicate a security threat in your environment, and then responding to it immediately rather than after the damage is done.
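To make the "detect unusual behaviour on endpoints" idea concrete, here is a small added example (not RedDoor IT's product, nor any vendor's code) of the kind of behavioural rule an EDR applies to process-creation telemetry. The event records, the two rules and the host-level escalation are all constructed for illustration; they are not logs or detections from the M&S incident.

```python
"""Toy behavioural detection over endpoint process-creation events.

Added example. The rules mirror two widely used, defender-side heuristics:
an Office application launching a script interpreter, and PowerShell being
started with an encoded command line. Real EDR products apply many hundreds
of such rules plus statistical models; this shows only the shape of the idea.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample telemetry: one record per process start on a workstation.
# (Hostnames, users and command lines are invented for this example.)
SAMPLE_EVENTS = [
    {"ts": 1, "host": "ws01", "user": "alice", "parent": "outlook.exe",
     "image": "winword.exe", "cmd": "winword.exe invoice.docm"},
    {"ts": 2, "host": "ws01", "user": "alice", "parent": "winword.exe",
     "image": "powershell.exe", "cmd": "powershell.exe -enc <base64-placeholder>"},
    {"ts": 3, "host": "ws01", "user": "alice", "parent": "powershell.exe",
     "image": "rundll32.exe", "cmd": "rundll32.exe <placeholder>"},
    {"ts": 4, "host": "ws02", "user": "bob", "parent": "explorer.exe",
     "image": "excel.exe", "cmd": "excel.exe budget.xlsx"},
    {"ts": 5, "host": "ws02", "user": "bob", "parent": "explorer.exe",
     "image": "powershell.exe", "cmd": "powershell.exe Get-Date"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


@dataclass(frozen=True)
class Alert:
    ts: int
    host: str
    user: str
    rule: str
    detail: str


def office_spawns_interpreter(ev):
    """Office documents normally do not start shells or script hosts."""
    if ev["parent"].lower() in OFFICE_APPS and ev["image"].lower() in INTERPRETERS:
        return f'{ev["parent"]} started {ev["image"]}'
    return None


def encoded_powershell(ev):
    """An encoded command line hides what PowerShell is being asked to run.

    Only the two most common spellings are checked here; a production rule
    would also cover the other abbreviations PowerShell accepts.
    """
    tokens = ev["cmd"].lower().split()
    if ev["image"].lower() == "powershell.exe" and any(
        tok in ("-enc", "-encodedcommand") for tok in tokens
    ):
        return "PowerShell launched with an encoded command line"
    return None


RULES = [office_spawns_interpreter, encoded_powershell]


def evaluate(events):
    """Run every rule over every event, in time order, and collect hits."""
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        for rule in RULES:
            detail = rule(ev)
            if detail:
                alerts.append(Alert(ev["ts"], ev["host"], ev["user"], rule.__name__, detail))
    return alerts


def summarise(alerts):
    """Escalate a host to 'high' when two different rules fire on it.

    Correlating across events is what turns isolated oddities into something
    worth isolating a machine for; a single hit stays 'medium' for triage.
    """
    rules_per_host = defaultdict(set)
    for alert in alerts:
        rules_per_host[alert.host].add(alert.rule)
    return {
        host: ("high" if len(rules) >= 2 else "medium")
        for host, rules in rules_per_host.items()
    }


if __name__ == "__main__":
    found = evaluate(SAMPLE_EVENTS)
    for alert in found:
        print(f"[{alert.rule}] ts={alert.ts} host={alert.host} user={alert.user}: {alert.detail}")
    print(summarise(found))
```

Running the script flags only ws01: the Word process launching PowerShell trips the first rule and the encoded command line trips the second, so the host is escalated to "high", while bob's ordinary PowerShell use on ws02 produces nothing. That contrast, normal activity passing silently while a rare combination is caught and correlated, is the whole point of behavioural monitoring as opposed to signature matching.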
Secondly, BullPhish cyber training, user awareness training and ongoing staff education are vital components of a robust cyber security strategy. As the M&S cyberattack shows, employees pose a major risk to the integrity of a business and its resilience to attack. Even the best security systems can be compromised by users who are unaware or have their guard down. Over 90% of successful network breaches are caused by human error, while recent reports suggest 95% of attacks could have been prevented with basic cyber hygiene.
By implementing these two systems alongside a robust and comprehensive cyber security policy, such as Cyber Essentials, this cyberattack could have been prevented.

RedDoor IT
At RedDoor IT, we understand the evolving landscape of cybersecurity threats. Our team offers comprehensive solutions to protect your business, including:
- Proactive Monitoring: We continuously monitor your systems to detect and respond to threats in real-time.
- Employee Training Programs: Our training sessions equip your staff with the knowledge to recognise and prevent potential security breaches.
- Incident Response Planning: We help you develop and implement effective incident response strategies to minimise downtime and data loss.
- Regular Security Audits: Our thorough assessments identify vulnerabilities and provide actionable recommendations to strengthen your security posture.
- Tailored Cyber Essentials Packages: Whether you have 5 employees or 500, we offer tailored Cyber Essentials packages that protect your organisation against the most common cyberattacks and scams. By implementing the 5 key technical controls outlined by the scheme, we help you safeguard against the most common threats and reduce your risk of attack by up to 80%.
- Cyber Essentials Plus: This provides an extra layer of assurance over Cyber Essentials. It is a higher level of certification in which an accredited third party independently validates your controls: systems are independently tested and a technical audit is carried out. The results are then integrated into your organisation’s information risk management.
- Exceptional Customer Service Record: As of April 2025, we have a 97% response rate for tickets within one hour, a 99% customer retention record, and we receive many 5* reviews every month, with a 4.9* average rating on our Google Business page.
In April 2025, the UK government reported that 612,000 UK businesses and 61,000 UK charities had identified a cyber breach or attack in the last year.
Contact us today to learn how we can safeguard your operations against the latest cyber threats.