UK Retailers Hacked: Marks & Spencer and Co-op Hit with £440m Cyber Punchline

Cyber Monitoring Centre links M&S and Co-op cyber-attacks to the same threat actor. Scattered Spider is suspected of using social engineering and compromised credentials. The financial impact is estimated between £270m-£440m, with M&S experiencing a 22% drop in daily spend and Co-op an 11% fall. Welcome to the dark web of retail therapy!

3P
Published: June 20, 2025 1:31 pmAdded: June 20, 2025 at 6:38 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Looks like the UK retail scene just got a surprise makeover, courtesy of some cyber hoodlums! Who knew that a threat actor could be as fashion-forward as M&S, but with much less charm? Maybe they’re just trying to get ahead of the competition by making everyone else take a ‘timeout’ from online shopping. Retailers, brace your Wi-Fi – it’s a hostile world out there!

Key Points:

  • Cyber Monitoring Centre (CMC) links M&S and The Co-op attacks as one combined cyber event.
  • Suspected common threat actor: Scattered Spider, a notorious hacking collective.
  • Harrods was also attacked but not officially linked due to sparse details.
  • Estimated financial impact ranges from £270m to £440m for M&S and The Co-op.
  • Incidents categorized as a Category 2 systemic event indicating significant impact.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?