Cyber Attacks Hit M&S and Co-op: What Happened and What It Means for UK Retail


Both Marks & Spencer (M&S) and Co-op were targeted in separate cyber attacks that disrupted operations and sparked concerns across the retail industry. These aren’t isolated incidents—they’re part of a growing trend in which hackers use increasingly sophisticated methods to breach systems and wreak havoc. 

Here’s a breakdown of what happened, why it matters, and what every business can learn from it. 

The M&S Cyber Attack 

Let’s start with the big one. 

Marks & Spencer confirmed it was hit by a cyber attack on its supply chain that affected food availability across several stores. Customers started noticing issues when they turned up to collect pre-paid orders—only to find missing items and empty shelves.  

The culprit? A hacking group known as Scattered Spider—also referred to as UNC3944 or Muddled Libra. They’ve previously targeted major corporations using a mix of phishing, social engineering, and advanced ransomware techniques. 

Key Impacts: 

  • Delivery Chaos: M&S paused online food orders after their systems struggled to fulfil existing ones. 
  • Compensation Issued: Customers affected by the attack were offered £25 digital gift cards. 
  • Empty Shelves: Several locations reported limited stock and unavailable items. 
  • Communication Breakdown: Some shoppers complained about a lack of timely updates and support. 
  • Market Shake-Up: M&S’s market value reportedly dipped by hundreds of millions in the wake of the attack.

 

While the retailer acted quickly to contain the damage and work with cyber security experts, the disruption exposed critical vulnerabilities in their supply chain tech. 

Co-op’s Cyber Scare 

Not long after the M&S incident, Co-op found itself under digital fire too. Though their situation didn’t escalate as dramatically, it was a close call. 

Co-op proactively shut down parts of its IT network after detecting a potential cyber threat. While customers could still shop in-store as usual, back-office systems and call centres were temporarily affected. The company emphasised that no action was needed from members or customers, and that their technical team, in collaboration with the National Cyber Security Centre, had things under control. 

It was a textbook example of early detection and decisive action making all the difference. 

5 Takeaways for Every Business 

These cyber attacks are part of a broader trend. Whether it’s ransomware, phishing, or a supply chain compromise, the lesson is clear: it’s not a matter of if, but when.

Here are five critical lessons from the M&S and Co-op incidents:

Supply Chain Security is Non-Negotiable

M&S’s situation proves that your business is only as strong as your weakest supplier. A breach anywhere along the supply chain can bring operations to a standstill. Make sure third-party vendors follow robust cyber hygiene and that your contracts include clear security obligations. 

Action Tip: Conduct regular security audits on suppliers and integrate them into your incident response planning.

Have a Customer-Facing Response Plan

One of the biggest pain points for M&S customers was the lack of clear, timely communication. When things go wrong, silence can do more damage than the breach itself. 

Action Tip: Prepare pre-approved messaging templates for common breach scenarios, and set up a clear chain of command for customer updates.

Invest in Real-Time Threat Detection

Co-op’s swift action highlights how real-time detection tools and trained IT teams can make all the difference. The earlier you identify a threat, the more control you have over the damage. 

Action Tip: Use behaviour-based monitoring and AI-powered detection tools to flag suspicious activity before it escalates.

Cyber Insurance Won’t Save Your Reputation

Even if you’re covered financially, a damaged reputation can take years to rebuild. Trust is hard to earn and easy to lose, especially when customer data or order reliability is on the line. 

Action Tip: Focus on prevention just as much as damage control. Build a resilient culture, not just a responsive one.

Train Everyone—Not Just Your Tech Team

Social engineering is one of Scattered Spider’s go-to tactics. That means the weak spot isn’t always software—it’s people. Train every employee to spot suspicious behaviour. 

Action Tip: Run regular training sessions and simulated attacks to test employee awareness. 

How CSA can help 

Cyber attacks are becoming more complex and more costly. What happened to M&S and Co-op could happen to any business that hasn’t fully embraced a cyber-first mindset. 

The good news? Most attacks are preventable with the right combination of tools, training, and planning. Don’t wait until you’re writing apology emails to customers. Reach out today and our experts at Cyber Security Awareness will help you take the first step toward stronger, smarter cyber security.
