M&S says cyber hackers broke in through third-party contractor
Published by Global Banking & Finance Review®
Posted on May 21, 2025
2 min read. Last updated: January 23, 2026
M&S faced a cyber attack via a third-party contractor, bypassing defenses through social engineering. Online sales are disrupted, with full restoration expected by July.
By Paul Sandle and James Davey
LONDON (Reuters) - Marks & Spencer said hackers broke into its systems by tricking employees at a third-party contractor, skirting its digital defences to launch a cyberattack that will disrupt the British retailer for months.
Giving the first details since disclosing the breach on April 22, Chief Executive Stuart Machin said all companies were vulnerable, and M&S had boosted its defences by trebling tech spending in the last three years.
M&S has an IT contract with Tata Consulting Services. One source familiar with the matter told Reuters it was a means of access. TCS has declined to comment.
Machin declined to comment on TCS specifically when asked if it was the weak link.
"Unable to get into our systems by breaking through our digital defences, the attackers did try another route resorting to social engineering and entering through a third party rather than a system weakness," he told reporters.
"Once access was gained, they used highly sophisticated techniques as part of the attack."
Machin declined to comment on any ransom demand, citing advice from government agencies and law enforcement.
M&S stopped online sales. It said on Wednesday they were unlikely to be fully restored until July.
Machin said M&S became aware of the breach when it spotted suspicious activity during the Easter weekend of April 19-20.
He said the time between the hackers gaining access and detection was "short". Experts told the company that the average was 10 days and in some cases many months.
Britain's National Crime Agency told the BBC the attack investigation was focused on a cluster of young, English-speaking hackers.
M&S, which has sales of nearly 14 billion pounds ($19 billion) a year, immediately called in experts, partners and authorities, Machin said.
Some 600 systems had been scanned for damage, he said, and they were gradually being brought back online.
($1 = 0.7459 pounds)
(Reporting by Paul Sandle and James Davey. Editing by Mark Potter)
The hackers gained access by tricking employees at a third-party contractor through social engineering, bypassing M&S's digital defenses.
M&S has increased its tech spending threefold to bolster its defenses and has called in experts and authorities to assist in the investigation.
M&S became aware of the breach during the Easter weekend of April 19-20, when they spotted suspicious activity.
M&S has annual sales of nearly 14 billion pounds, which is approximately $19 billion.
M&S stated that online sales are unlikely to be fully restored until July.

