CeFPro Connect

Marks & Spencer Breach Exposes Fragile Web of Third-Party Cyber Risk
The crippling cyber-attack on Marks & Spencer, traced to a third-party supplier, has resulted in massive online disruption and multimillion-pound losses. As the retailer prepares to release its annual results, the focus has shifted from sales to survival in the face of escalating digital threats.
May 23, 2025
Tags: Industry News, Vendor and Third Party Risk, Cyber
The views and opinions expressed in this content are those of the thought leader as an individual and are not attributed to CeFPro or any other organization
  • M&S cyber-attack in April linked to third-party access
  • Attack paused online orders for over three weeks
  • Estimated weekly losses exceed £40 million
  • Stores suffered food shortages after systems were shut down
  • Online platform, critical for clothing and homeware, remains partially down
  • Hacker group DragonForce claims responsibility
  • M&S took down core IT systems as a precaution
  • Harrods and Co-op also targeted by the same group
  • Annual results overshadowed by cyber breach fallout
  • M&S now focused on restoring full digital service and supply chains

Marks & Spencer is still reeling from a major cyber-attack that has left parts of its business paralysed and exposed the deep risks lurking in third-party digital access. 

The breach, which occurred over the Easter weekend in April, was reportedly enabled through a supplier with system access, according to news sources.

 The fallout has been severe. M&S was forced to suspend online orders for more than three weeks, triggering estimated sales losses of more than £40 million per week, according to analysts at Bank of America.

The disruption affected a key revenue stream, with online orders accounting for a third of its clothing and homeware business.

The hacker group calling itself DragonForce has claimed responsibility for the breach. The same group told media agencies it was also behind recent attacks on the Co-op and a failed attempt on Harrods.

While M&S has declined to comment on specifics, it confirmed that availability is stabilising and stores have remained well-stocked.

In the immediate aftermath of the attack, M&S took the drastic step of shutting down much of its IT infrastructure to contain the damage. That included food-related systems, which led to empty shelves in some locations as logistical coordination broke down. 

The company has since been working to restore operations, but the online platform remains partially offline, highlighting the complexity of the systems involved and the challenges of a secure recovery.

 Cybersecurity experts say the incident illustrates the growing threat of third-party risks, where attackers exploit less-protected vendors or partners to infiltrate larger targets. In this case, the breach demonstrates how even a single weak link can destabilize a national retailer.

While M&S has reassured customers that stores remained open and stock levels have returned to normal, the wider damage to consumer trust and digital infrastructure may take longer to repair.

The company’s response, including taking itself offline to prevent further spread, signals the seriousness of the threat and the scale of the disruption behind the scenes.

The attack on M&S adds to a growing list of high-profile retail breaches that have highlighted the vulnerabilities in an increasingly interconnected digital supply chain.

As businesses race to digitize services, this incident serves as a costly reminder that resilience cannot be outsourced.

With the full financial impact still unfolding and recovery efforts ongoing, all eyes will be on M&S’s earnings call – though the numbers may only tell part of the story.

The real challenge lies in rebuilding systems, trust, and operational continuity in a world where cyber-attacks are not just inevitable but increasingly sophisticated.
