‘They Wanted $4M’: What M&S Can Learn from Devastating Cyber Attacks

Swagta Nath

Marks & Spencer (M&S), one of the UK’s most recognizable retail brands, is the latest high-profile victim of a ransomware cyberattack that has severely disrupted internal systems, staff operations, and logistics. Although M&S has released only limited official information and refrained from public interviews, employee accounts on Reddit describe a full-blown crisis: internal IT systems down, manual operations using pen and paper, overstocked food wasting away, and head office staff working through weekends.

The attack appears to mirror tactics used by known ransomware syndicates, where malicious software locks critical systems and demands payment—often in cryptocurrency—in exchange for restoring access. The retail sector, increasingly reliant on digital infrastructure for inventory, payments, and logistics, is now acutely vulnerable.

This incident follows recent disruptions at the Co-op, which had to shut down parts of its IT infrastructure due to another cyberattack, amplifying concerns about the fragile digital backbone of modern retail.

Victims Speak: Past Cyber Attacks Show the Human and Operational Cost

As news of the M&S attack spreads, others who have faced similar digital assaults are sharing their stories. Sir Dan Moynihan, Chief Executive of the Harris Federation, which runs 55 schools in London and Essex, recalled a devastating ransomware attack by the Russian hacking group REvil in 2020.

The attackers demanded $4 million in cryptocurrency, threatening to double the ransom to $8 million if payment wasn’t made within 10 days. The school network’s finance systems, teaching materials, medical records, and communications infrastructure were paralyzed. The Federation responded not with ransom, but with cyber negotiators posing as uninformed staff to stall attackers, buying time to rebuild systems over a grueling three-month recovery, costing over £750,000.

“We never considered paying,” said Sir Dan. “The money we have is for disadvantaged young people. Paying would only encourage more attacks.”

Fashion entrepreneur Catherine Deane shared a similar sense of helplessness when her Instagram business account was hacked. As her brand’s primary digital storefront, the loss was not just financial but emotional. “It was almost traumatising,” she said of her experience trying to navigate Meta’s support system.

Healthcare institutions have also suffered. In June 2023, a ransomware attack on Synnovis, a pathology provider, disrupted services at King’s College Hospital and Guy’s and St Thomas’ Hospital, causing massive delays in blood transfusions and diagnostics. “It was like going back in time,” said Dr. Anneliese Rigby, who described manual lab work as laborious and staff-intensive.

A Sector on Edge: Firms Race to Patch Systems Amid Spike in Cyber Threats

While M&S maintains silence, companies across the UK are scrambling behind the scenes. “We’re patching like mad,” one anonymous retailer said, underscoring the industry-wide panic sparked by the breach. Patching involves updating software and closing known vulnerabilities, a process often delayed in high-volume retail environments. Sir Charlie Mayfield, former Chairman of John Lewis, said the crisis was a wake-up call. “Online shopping has completely transformed retail. But as tech becomes more pervasive, so does the risk,” he warned.

The UK Government’s Cyber Security Breaches Survey reveals that 74% of large businesses were targeted by cybercriminals in the past year. This number, experts warn, is set to rise as ransomware groups grow more sophisticated, emboldened by past payouts and weak infrastructure.

As organizations from schools to fashion houses to global retailers confront a new normal of digital siege, the M&S breach could prove to be a tipping point in how UK businesses approach cyber resilience, contingency planning, and public accountability.
