M&S customers are still trying, often repeatedly, to place orders online. Whether it was groceries, clothing, or home essentials, the website and app simply wouldn’t let them check out.
Services are still down. With no major updates from the company, frustration started to build. People turned to social media, not just to complain, but to figure out what was going on.
Although M&S didn’t confirm the identity of the attackers, cybersecurity analysts speaking to the press during this period pointed to Scattered Spider, an English-speaking cybercrime group known for social engineering and ransomware deployment.
This group doesn’t rely on brute force. They impersonate real employees, bypass multi-factor authentication, and then wait. They don’t break down the door—they walk in through the front,” said William Wright of Closed Door Security.
The group has previously targeted MGM Resorts and other Fortune 500 companies. If Scattered Spider was indeed behind the M&S breach, it would mark one of the most high-profile attacks on a UK retailer in years.
That wasn’t all. The M&S careers site went completely blank, with over 200 job listings across the UK suddenly disappearing. Internally, sources say the HR systems had to be taken offline to ensure sensitive staff data wasn’t exposed.
You know it’s serious when even recruitment grinds to a halt,none M&S insider noted. We didn’t just lose sales—we had to put entire functions on ice.
While the core message remained unchanged—”we’re working on it”—M&S customers grew increasingly frustrated by the lack of clear updates.
Many customers still couldn’t use gift cards, Sparks rewards, or credit notes in-store. Some said customer service told them systems were “back,” only to turn them away at the till.
For Click & Collect, parcels were being held in-store, and customers were unsure how long they’d have to wait.
M&S continued to issue short replies on social media, thanking customers for their patience and reminding them that stores remained open and Ocado deliveries (on a separate platform) were unaffected.
At M&S Warehouses
Castle Donington—M&S’s main e-commerce distribution hub was quiet during this period. With digital order systems down, hundreds of parcels sat untouched, and many staff were temporarily sent home.
In-store, the effects began to show. Some customers noticed low stock levels in fruit, vegetables, and dairy. Others observed unusual restocking times and longer queues.
It’s like the supply chain is moving with one hand tied behind its back, one staff member told the press anonymously.
M&S later acknowledged “pockets of limited availability” in some stores, but assured customers it was working to manage manual operations where needed.
Analysts estimated that over £500 million had been wiped from M&S’s market value. Online revenue losses could exceed £25 million by the end of the week, while recovery costs, including IT forensics, infrastructure rebuilding, and legal fees, might reach eight figures.