Cyber Incident Victim: Marks and Spencer
Date:
Oct 2025
Location:
United Kingdom
Summary
Marks & Spencer suspended online orders forsix weeks after a cyber attack disrupted its systems, one of two major incidents affecting British companies this year alongside Jaguar Land Rover's five‑week production halt. The UK government also confirmed a breach earlier this year, attributing the intrusion to a technical flaw and stating that investigations continue while downplaying risk to individuals. Officials said the hole was closed quickly, that investigations continue, and that they cannot confirm whether the breach is linked to Chinese operatives or the state.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 0 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In late 2025, Marks & Spencer experienced a cyber attack that disrupted its online retail operations. The incident was reported as part of a series of major cyber attacks affecting British companies during the year. The company responded by suspending its online order system for a period of six weeks. This suspension was implemented to contain the impact of the breach and protect customer data. The move came after similar disruptions were reported at Jaguar Land Rover, which halted production for five weeks. The article notes that the Marks & Spencer incident was one of two significant cyber events affecting large UK retailers and manufacturers.
The suspension of online orders meant that customers could not place purchases through the company's digital channels during the six‑week window. While the article does not detail the specific systems compromised or the attacker’s methods, it confirms that the disruption was directly linked to the cyber breach. Marks & Spencer’s decision to halt online sales was described as a precautionary measure taken while the investigation proceeded. The company’s statement emphasized the seriousness with which it treats system and data security. No further technical details about the breach, its origin, or remediation steps are provided in the source material. The narrative ends here.