Major retailer hit by cyber attack

A major cyber attack has hindered premium retailer Marks & Spencer’s operations, leaving shelves in some of its stores empty of food and drink.

Signs asking customers to “please bear with us while we fix some technical issues affecting product availability” have been placed on shelves in affected stores.

The posh food and beverage retailer has not disclosed the nature of the attack. However, efforts to resolve the issue are ongoing and Marks & Spencer has indicated some steps it’s taken to control the situation.

“As part of our proactive management of the incident, it continues to be necessary to make some changes to our operations to protect customers and the business,” a statement read.

And while it’s not clear how widespread the empty shelves are, the company has confirmed “pockets of limited availability in some stores”.

Supply chain disruption

The supply issues are due to the retailer’s need to shut down some of its food-related systems as a precautionary measure.

This has also led to a pause on all online orders “as part of Marks & Spencer’s proactive management of a cyber incident”, according to another statement.

Marks & Spencer is also managing disruption to products supplied to online grocer Ocado, which delivers Marks & Spencer online orders and is part-owned by the company.

The problems have taken hold over a series of busy food and drink retailing dates, including an upcoming bank holiday weekend.

Preventing further attacks

Marks & Spencer has confirmed it is working with a dedicated cyber security team to restore its supply chains, and restart online and app shopping.

The attack is a “stark reminder” of ransomware gangs’ ability to evolve around traditional digital defences, says X-PHY CEO and co-founder Camellia Chan.

“Groups like Scattered Spider aren’t just locking companies out of their systems – they’re embedding themselves deep inside critical infrastructure, moving quietly, and striking at the worst possible moment," adds Chan.

Encryption attacks expose the weaknesses of reactive, software-only security. Once systems are compromised, the damage is done.

Cyber security experts are urging manufacturers and retailers to invest in dedicated security systems to help defend against attacks.

“Prevention must be built in from the ground up,” says Chan. “Businesses need a multi-layered approach that combines hardware-level security to detect and block attacks early. This should be combined with an AI-driven threat detection layer that automate detection and enforce policies in real time.”