Marks & Spencer (M&S), one of the most iconic and oldest retail chains in the United Kingdom, with over 140 years of history, faced in 2025 one of the most severe cyberattacks it had ever suffered. The incident at Marks & Spencer not only compromised the security of its computer systems, but it also disrupted several of its key services, including online shopping and the "click and collect" service, which allows customers to pick up their purchases in physical stores.
This cyberattack on Marks & Spencer, carried out by the hacker group DragonForce, resulted in a significant data theft and paralyzed essential operations at a critical time for the company, affecting both consumer trust and the firm’s financial results. Despite the initial challenges, Marks & Spencer demonstrated exemplary recovery capabilities, and in a relatively short period, it began to restore its services and regain ground in a highly competitive market.
The impact of the cyberattack on Marks & Spencer not only highlighted the inherent vulnerabilities in the retail sector against cyber threats, but it also emphasized the importance of operational resilience and the ability to adapt quickly to changes. While other competitor companies such as Next and Sainsbury’s benefited from the temporary disruption at Marks & Spencer, the firm reacted swiftly, implementing strategic measures to resume operations and restore customer trust.
This article by ITD Consulting delves deeply into the scope of the damage caused by the cyberattack, the key decisions Marks & Spencer made during its recovery process, and the lessons other companies can learn from its experience to strengthen their cybersecurity and crisis management strategies in the future.
The cyberattack on Marks & Spencer: Origins and immediate effects
On April 25, 2025, Marks & Spencer surprised the market by announcing that it had suffered a "cyber incident" that compromised its technological infrastructure. In the official statement, Marks & Spencer reported that it had been the victim of a ransomware attack carried out by a group of cybercriminals known as DragonForce.
This hacker group, which has been linked to several attacks on renowned companies, was able to infiltrate Marks & Spencer's computer systems, resulting in a significant data theft. The immediate effects of the attack were devastating. First, Marks & Spencer had to temporarily suspend its "click and collect" service, which allows customers to buy products online and pick them up in physical stores. Furthermore, the attack on Marks & Spencer affected the availability of products both on its online platform and in physical stores, as inventory management systems were interrupted.
This caused a drop in sales of clothing and food, as well as a shortage of products on the shelves, leading consumers to seek alternatives from competitors. The cyberattack also affected Marks & Spencer’s ability to process payments, including contactless payments, one of the most popular options for shoppers in the UK.
This disruption forced Marks & Spencer to implement additional measures to protect its infrastructure, disconnecting several systems to minimize the impact of the cyberattack and contain the damage. Marks & Spencer estimated that operational losses related to the attack would amount to approximately £300 million ($404 million), a significant figure given the size of the company and its historic position in the market.
The initial response: Damage control and communication with the public
Given the severity of the incident, Marks & Spencer's priority was to contain the damage and manage the crisis effectively. The company activated its cybersecurity contingency plan, working closely with experts in the field of technology and cybersecurity to understand the extent of the attack and ensure that no further breaches occurred.
Throughout this process, Marks & Spencer maintained open communication with its customers, investors, and the general public, which helped mitigate some of the uncertainty and concern caused by the attack. On its website and social media, Marks & Spencer was transparent about the situation, informing consumers about the services that would be affected and providing approximate timelines for service restoration.
This transparency was crucial, as it allowed the company to generate some trust in its ability to overcome the crisis, even while its operations were suspended. Although the disruption severely affected sales during the first weeks of the attack, Marks & Spencer managed to maintain customer loyalty through refund offers, discounts, and increased accessibility in terms of return and product pick-up options in-store. The customer-centric approach was one of the strategies that allowed Marks & Spencer to minimize the short-term impact of the attack.
The recovery: Return to normal and the return of "click and collect"
After more than two months of disruption, Marks & Spencer began to gradually resume its online services. The company reactivated its home delivery ordering platform on June 10, 2025, a positive step marking the beginning of operational recovery.
However, the "click and collect" services, which allow customers to buy products online and pick them up in physical stores, remained suspended, further affecting regular Marks & Spencer customers who relied on this convenient service. On August 9, 2025, Marks & Spencer announced through its website and social media that the "click and collect" service had been restored at all of its stores, news that was enthusiastically received by both consumers and analysts.
According to John Lyttle, the CEO of fashion, home, and beauty at Marks & Spencer, the restoration of this service marked a key step in the company’s return to normalcy. Not only did this allow Marks & Spencer’s customers to shop online and conveniently pick up their products, but it also marked the end of the uncertainty that had prevailed for months.
The return of the "click and collect" service was also interpreted as a positive sign by investors. Marks & Spencer's stock rose by 2% on the stock market, reflecting growing optimism about the company's ability to overcome the crisis. However, despite this progress, Marks & Spencer's stock still showed a cumulative decline of around 10% in 2025, indicating that the impact of the cyberattack was still significant, although long-term fears about the company’s financial viability were reducing.
Impact on the competition: Opportunities for Marks & Spencer's rivals
The cyberattack on Marks & Spencer not only affected the company but also had implications for the retail market in general. By suspending its online platform and "click and collect" services, Marks & Spencer left a gap that its competitors quickly seized. Companies like Next and Sainsbury's saw an increase in demand for their products, as many consumers chose to shop with these rivals while Marks & Spencer resolved the crisis.
Next, in particular, benefited from the disruption in Marks & Spencer's operations. The company, which directly competes with Marks & Spencer in the fashion sector, increased its earnings forecasts three times throughout the year, partly due to Marks & Spencer's operational disruption. Sainsbury's, for its part, experienced an increase in demand for food products, allowing it to gain market share in a sector where Marks & Spencer is a key player.
The quick response from these competitors underscores the importance of operational resilience in a digitalized world. Retailers with robust technological infrastructure that are able to adapt quickly to crisis situations, like cyberattacks, are more likely to mitigate the impact of such events and, in turn, capitalize on the opportunities that may arise during periods of disruption.
The future of Marks & Spencer: A stronger and more resilient company
Despite the immediate challenges, Marks & Spencer is in a relatively strong position to face the future. Its ability to restore its online operations effectively has been key to regaining consumer trust. Furthermore, Marks & Spencer has a solid base of loyal customers and a well-recognized brand in the UK, which gives it a significant competitive advantage in the market.
As for long-term prospects, analysts like Kate Calvert from Investec have indicated that the impact of the cyberattack should not significantly affect the company's valuation or its growth outlook. Marks & Spencer's crisis management experience and its ability to adapt to the operational challenges of the digital age suggest that the company could emerge stronger from this crisis.
Strategically, Marks & Spencer could also leverage this experience to improve its cybersecurity infrastructure and its approach to data protection. The growing importance of digital security in retail will be key to ensuring that the company is better prepared to face future risks.
Lessons for the retail sector: Preparedness and resilience
The attack on Marks & Spencer offers several valuable lessons for other companies in the retail sector. First, it highlights the need to invest in cybersecurity. In an increasingly digitalized environment, cyberattacks are becoming a constant threat to companies of all sizes. Firms need to be aware of the risks and take proactive steps to protect their systems and data.
Second, a quick response and effective communication with customers are essential in crisis situations. Marks & Spencer's transparency during the incident and its customer-centric approach were key factors in helping to minimize damage to its reputation and maintain consumer loyalty.
Finally, this case demonstrates the importance of being resilient in the face of operational disruptions. Companies that are able to quickly adapt to unforeseen situations, such as a cyberattack, will be better positioned to thrive in a competitive market.
In addition to cybersecurity, it is also crucial for companies to consider the importance of overall technological infrastructure. The integration of inventory management systems, secure payment systems, and online customer service should be robust and flexible to minimize the impacts of any type of attack. Companies operating in e-commerce need to have the ability to recover quickly and continue operating with minimal disruption.
The role of innovation and adaptability in retail
The retail sector is in constant transformation, especially with the acceleration of digitalization and the adoption of online commerce. Marks & Spencer, which has been operating for over a century, has faced numerous challenges throughout its history, from economic fluctuations to the evolution of consumer preferences. The cyberattack of 2025 is just one of many obstacles that retail companies must be prepared to face in the digital age.
However, the key to success in this context lies not only in reactive measures, such as crisis management, but also in the ability to proactively adapt to changes. Continuous innovation in product and service development, the use of artificial intelligence to improve customer experience, and investment in omnichannel distribution channels are essential for long-term success.
In the case of Marks & Spencer, the restoration of its "click and collect" service demonstrates how a company can quickly adapt to changing circumstances. Marks & Spencer’s ability to offer a convenient shopping experience, both online and in physical stores, is crucial for its future relevance. The global COVID-19 pandemic had already accelerated the trend toward e-commerce, and events like the cyberattack only underscore the importance of being prepared for any challenges that arise.
Marks & Spencer has demonstrated remarkable resilience after one of the most significant cyberattacks in retail history. While the initial impact on Marks & Spencer was severe, the company has successfully restored its operations, reintroducing key services like "click and collect" and regaining some consumer and investor confidence.
This incident has not only highlighted the vulnerability of the retail sector to cyberattacks but also emphasized the importance of operational resilience, transparency, and crisis preparedness. As the digital world continues to evolve, the lessons learned by Marks & Spencer will serve as a guide for other companies looking to protect themselves and thrive in an increasingly digitalized environment.
The future of Marks & Spencer looks promising, provided the company continues to innovate and adapt to new consumer demands. The key lesson that can be drawn from this experience is that, despite challenges, a company's ability to recover, adapt, and move forward can be more important than the initial blow. Marks & Spencer has emerged from this challenge stronger, wiser, and better prepared to face the challenges of the digital age.
If you want to learn more about the best cybersecurity tools to keep your operations safe, write to us at [email protected]. We have a team of cybersecurity experts ready to assist you.
EN 
ES