The specter of a cyber attack looms large over corporations, with potential repercussions that can ravage both finances and consumer trust.
The recent assault on retail giant Marks & Spencer by the notorious hacking group Scattered Spider demonstrates the profound vulnerabilities at stake. Understanding the breadth of such a cyber attack is crucial not only for recovering affected businesses but also for safeguarding future operations.
M&S experienced a major hacking incident that shook its operations. The attack, linked to a hacking group called Scattered Spider, has led to service outages and payment issues. This has left consumers and the company in a tough spot. M&S had to react swiftly to address these complications. This involved identifying and containing the problem, and restoring their systems. The focus is now on ensuring that the business can operate normally again. This incident serves as a reminder of the constant threat from cyber criminals.
The exact cause of the cyber incident is still under investigation. Initial reports suggest that the attack targeted central systems and key IT infrastructure. Cyber security experts are analysing the breach to understand how the hackers gained access. Human error could be a factor, as it often plays a role in such incidents. Understanding the root cause is vital for M&S. It helps develop a robust corrective action plan to prevent future attacks. The nature of modern IT systems means they must be constantly monitored and updated.
The financial cost of the cyber attack on M&S can be substantial. These incidents often lead to immediate and long-term expenses. They might involve repairing systems and compensating any affected parties. Businesses may also face loss of revenue due to disrupted services. M&S must invest in an advanced cyber security framework to prevent similar incidents. The cost can extend beyond money, affecting market reputation and consumer trust. Prompt action and transparent communication are crucial in minimising this damage.
The Marks & Spencer cyberattack underscores the significant financial impact a security breach can have—wiping out over £500 million in market value and disrupting daily revenue streams. At Pentest People, our Incident Response services are tailored to help businesses mitigate these costly risks. From rapid threat containment to recovery planning, we minimise financial fallout by reducing downtime, protecting transactional systems, and preventing reputational damage.
Consumers have faced a challenging situation due to the cyber incident at M&S. Service outages have disrupted shopping experiences, causing frustrations and inconveniences. Payment issues may have led to delays or failures in completing transactions. Trust is a valuable currency in retail, and incidents like these can shake it. M&S needs to reassure its customers that their data is safe and protected. Transparent communication about steps taken to resolve the issues promptly is key.
The cyber attack on M&S poses a significant challenge for the company. It highlights vulnerabilities in complex and modern IT systems. Criminal gangs and hackers are becoming more sophisticated, making it harder to defend against them. M&S must adapt quickly and take comprehensive corrective actions. This includes improving cyber security measures and training staff to avoid human errors. The experience serves as a wake-up call for businesses everywhere. They must stay vigilant and prepared against future cybersecurity threats.
The damage from a cyber attack can be devastating. Marks & Spencer (M&S), a leading retailer, experienced a significant cyber incident that exposed the vulnerability of even the most robust systems.
Retailers like M&S have become major targets for cyber attacks due to their vast databases of customer information. Cyber criminals seek out vulnerabilities in complex systems, often using ransomware to extract payments and sensitive data. The attacks are not only a risk to retailers' operations but also to customer privacy. With the rise in online shopping, the frequency of such incidents is increasing. Businesses must recognise that the nature of the threat is evolving. Regular staff training and updating internal services are essential to minimise these risks.
Ensuring the integrity of key IT systems in retail environments is crucial for safeguarding customer data and maintaining trust. As cyber attacks become more sophisticated, investing in robust cyber security strategies has become a necessity, not a choice. Regular audits and system updates are strongly recommended by industry experts. These measures, alongside employee education on avoiding human error, can prevent service outages and the potential fallout from ransomware incidents. By taking proactive steps, retailers can better protect themselves and their customers from cyber threats.
In a recent cyber incident, Marks & Spencer faced a potential ransomware attack. This highlighted the risks to complex systems and key IT infrastructure. Cyber criminals targeted central systems, leading to service outages and disrupted contactless payments. Human error sometimes contributes, increasing vulnerability.
The recovery for Marks & Spencer is prolonged by the intricacy of restoring interconnected IT systems, which often have to be brought back in a specific sequence and which span various business areas, before normal operations can resume.
Additionally, the complexity of modern retail IT architectures means that a disruption in one system can have cascading effects on others. Each system often depends on real-time data and integrations to function optimally, and these interdependencies complicate and extend the recovery process.
Data Integrity and Verification: Before any system can be brought back online, ensuring the integrity of customer and transactional data is paramount. The process of verifying data involves meticulous checks and balances to prevent the possibility of corrupted or maliciously altered data affecting operations.
Security Reinforcement: M&S must reinforce its cyber defences to prevent further infiltration. This involves implementing new security patches, updating software, and potentially overhauling compromised segments of the IT infrastructure.
Testing New Protocols: Any new security measures or systems changes need thorough testing to ensure they are operational and prevent further vulnerabilities. This phase alone can take considerable time, especially if new infrastructures require staff training or further adaptation.
The cyber attack on Marks & Spencer, attributed to the hacking group Scattered Spider, resulted in the suspension of online orders and disrupted in-store operations. This security breach led to a significant financial impact, wiping out over £500m from the company's stock market value.
The attack also affected M&S's strategic operations, prompting the retailer to hire cyber security experts and enlist the help of the National Cyber Security Centre (NCSC). Despite M&S's efforts to address the situation, including restoring contactless payments in stores, the retailer faced challenges with maintaining online sales, which average £3.8 million per day. The incident highlighted the vulnerability of the retail sector to cyber threats and resulted in customer frustration and investor dismay, as reflected in a drop in M&S shares.
Chris Burton, Head of Professional Services at Pentest People: “It’s too early to know exactly what happened at Co-op, but from what’s been shared so far, it looks like there was an attempted intrusion, and in response, they shut down parts of their system. That kind of quick action suggests a preventative approach rather than a reaction to confirmed damage. Given the recent cyberattack on M&S, it wouldn’t be surprising if retailers are now on high alert. There’s likely a sense of ‘better safe than sorry’ across the sector. Retailers, especially large supermarket chains, are considered part of the UK’s Critical National Infrastructure under the food and drink category. That makes them more attractive to threat actors, particularly when compared to more obvious targets like energy or defence, which tend to be better defended. So, does this feel like a knee-jerk reaction? Possibly, but understandably so. With recent events fresh in mind, shutting things down at the first sign of trouble is a sensible move. Right now, it seems any unusual behaviour within a system is enough to trigger a shutdown. It’s clear the retail sector is feeling the pressure and acting with caution.”
The recent cyberattack on Marks & Spencer highlights the urgent need for robust incident response capabilities in today’s retail and digital landscapes. At Pentest People, our Incident Response services are designed to help organisations recover from cyber threats swiftly—minimising downtime, protecting customer data, and preserving business reputation. With attackers growing more sophisticated, now is the time to assess your resilience. Let our experts guide you through preparation, response, and recovery before you're the next headline.