In April 2025, retail giant Marks & Spencer (M&S) was hit by a major cyberattack that disrupted operations . The company had to halt all online orders and even contactless payments in stores, resulting in millions of pounds in lost revenue . If a household name like M&S can be thrown into chaos by hackers, it’s a wake-up call for businesses of all sizes in Liverpool, Wirral, and across North West England. Cyberattacks aren’t just “big company problems” – they’re a daily threat to small businesses, too.
What Happened at M&S?
M&S confirmed a “cyber incident” on April 21, 2025, after customers noticed contactless payments and online shopping were failing . In the days that followed, the situation escalated: the retailer suspended online orders and warned of limited product availability in some stores . By April 25, gift card transactions and returns were impossible, and some warehouse operations had to be shut down. This wasn’t a minor IT glitch – it was a full-blown crisis.
It turned out that M&S was the victim of a ransomware attack. Cybersecurity investigators linked the breach to a hacking crew known as “Scattered Spider” . The attackers had reportedly broken into M&S’s network as early as February by stealing an internal password database . They lurked undetected for weeks. On April 24, the intruders finally pulled the trigger – unleashing malware called DragonForce that encrypted M&S’s servers .
The business impact was massive. About 200 warehouse workers were told to stay home as systems went offline . Some stores saw empty shelves for popular items , and customers couldn’t place orders or use gift cards at all. M&S brought in outside cybersecurity experts to help contain the breach .
Lessons for Local Businesses
For M&S, the fallout was enormous – major financial losses and a steep drop in its stock value . Now, a small Liverpool shop might not lose millions, but a cyberattack could still be ruinous. In fact, about 43% of UK businesses experienced a cyber breach or attack in the past year – underscoring a few key lessons smaller companies can take from M&S’s ordeal:
Early Detection: Hackers lurked in M&S’s network for months without being noticed . Don’t assume you’ll immediately spot a breach. Set up security monitoring and alerts to catch suspicious activity early, before attackers wreak havoc.
Backup Continuity: Ransomware can bring your business to a halt – M&S had to pause virtually all sales. Regularly back up important data (and keep backups offline), and have a plan for keeping operations running if your computers go down.
Employee Vigilance: Most attacks start with a deceptive email . Train your team to spot phishing attempts and odd requests. In M&S’s case, attackers used clever social engineering to trick an employee . Make sure your staff double-checks unexpected emails or login prompts instead of clicking impulsively.
Secure Logins: Use multi-factor authentication (MFA) on all important accounts – but beware of MFA fatigue. In this attack, hackers spammed an employee’s phone with login approvals until one was mistakenly accepted. Prevent that by using MFA methods that can’t be easily abused (like app-generated codes) and by educating employees never to approve unexpected login requests.
Response Plan: Know what to do if a breach happens. M&S quickly pulled systems offline and called in experts . Even a small business should have a basic incident response plan: who to call (IT support, cybersecurity provider, etc.), how to isolate affected systems, and how to communicate with customers or regulators if needed.
Staying Safe and Moving Forward
Cyber threats might sound scary, but you can take action to strengthen your defenses. Start with the basics: keep software updated, use strong passwords (with a manager to store them), and enable MFA wherever possible. Consider getting a professional cybersecurity assessment – essentially a “health check” for your IT setup – to find and fix weak points before attackers do. Local experts like Hilt Digital (a Wirral-based cybersecurity provider) offer these assessments and IT support Wirral businesses trust, helping companies stay protected.
In the wake of the M&S breach, customers are more aware of cyber risks and expect businesses to take security seriously. By learning from this incident and improving your cybersecurity proactively, you not only reduce your chance of being the next victim – you also show customers you value their trust. The M&S attack is a sobering reminder that it can happen to anyone, so don’t wait for a crisis to shore up your defenses; if you’re unsure where to begin, reach out to a trusted local cybersecurity partner for guidance. A little preparation today can save a lot of pain tomorrow.