Marks & Spencer temporarily halts employment hires due to persisting digital assault.
Marks & Spencer (M&S) halted job recruitment due to an ongoing cyber attack, with all online job ads removed from their website. The company's website currently states, "Sorry, you can't search or apply for roles right now, we're working hard to be back online as soon as possible."
The British retail giant, employing around 65,000 people, has been under attack for over a week, asserting that online orders are still on hold, and some customers have seen empty shelves sprouting. Issues first surfaced over the Easter weekend, leading to the halt of click-and-collect orders and impacting contactless payments. However, the company has since restored contactless payments.
On Thursday, the Metropolitan Police confirmed they were investigating a cyber attack. In a separate incident, The Co-op shut down parts of its IT systems after an attempted hack. Consequently, Co-op staff are now being ordered to keep cameras on during all remote work meetings to verify identities.
The hackers responsible for the M&S cyber attack are thought to be a notorious group known as Scattered Spider, also referred to as UNC3944, Octo Tempest, or Muddled Libra. This group has been active since 2022, launching high-profile attacks on various industries, including telecoms, finance, retail, and gaming. Scattered Spider is known for employing advanced social engineering tactics such as phishing and MFA (Multi-Factor Authentication) fatigue attacks.
Scattered Spider includes English-speaking teenagers and often communicates through hacker forums, Telegram channels, and Discord servers. They have become well-known for demanding ransoms after locking up networks of prominent companies like Caesars Entertainment and MGM Resorts International. In the M&S attack, it is reported that Scattered Spider allegedly breached M&S systems as early as February 2025, using ransomware like DragonForce to encrypt parts of M&S's infrastructure.
- The cyberattack on Marks & Spencer (M&S), which has halted job recruitment and online order processing, has been confirmed by the Metropolitan Police on Thursday.
- The notorious hacking group responsible for the M&S cyber attack, known as Scattered Spider, has been actively launching high-profile attacks on various industries, including finance, retail, and technology, since 2022.
- The ongoing cyberattack has reportedly resulted in Scattered Spider breaching M&S systems as early as February 2025, using ransomware like DragonForce to encrypt parts of M&S's infrastructure.
- Citing the ongoing M&S cyberattack, the Co-op has ordered its staff to keep cameras on during all remote work meetings to verify identities, demonstrating potential collateral effects of such attacks on other companies in the same industry.
