{"id":21567,"date":"2025-05-24T12:00:35","date_gmt":"2025-05-24T10:00:35","guid":{"rendered":"https:\/\/cyberinsights.iainfraser.net\/?p=21567"},"modified":"2025-05-27T11:12:53","modified_gmt":"2025-05-27T09:12:53","slug":"marks-and-spencer-cyber-crisis-deepens","status":"publish","type":"post","link":"https:\/\/smecyberinsights.co.uk\/index.php\/2025\/05\/24\/marks-and-spencer-cyber-crisis-deepens\/","title":{"rendered":"REPORTAGE: Marks & Spencer Cyber Crisis Deepens: Website Outage Highlights Years of Security Failures"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t<\/a>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\"Partners1_NordVPN\"<\/figure><\/div>
\"Partners3_R3\"<\/figure><\/div>
\"Partners2_Zoho\"<\/figure><\/div>
\"Partners4_Plesk\"<\/figure><\/div>
\"Partners4_Ensurety\"<\/figure><\/div>
\"Partners7_Passware\"<\/figure><\/div>
\"CIP<\/figure><\/div>
\"Red_Button_Slider\"<\/figure><\/div>
\"FoxTech_Partner_Logo_Banner\"<\/figure><\/div>
\"ogo2\"<\/figure><\/div>\t\t\t<\/div>\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\"Image\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t
Image Credit: Mtaylor848 via Wikimedia Commons<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\"nordvpn\"<\/a>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

Helping Keep Small Business CYBERSafe
\n<\/strong>M\u00e1laga: Saturday, 24th May 2025 at 12:00 CEST<\/p>\n

REPORTAGE: <\/b>Marks & Spencer Cyber Crisis Deepens: Website Outage Highlights Years of Security Failures
\n<\/strong><\/b>By Iain Fraser\/<\/a>Reportage & Andy Jenkinson CIP<\/a>
\nSMECyberInsights.co.uk<\/a> –\u00a0<\/a>First for SME Cybersecurity<\/a>
\nGoogle Indexed on 240525 at 13:30 CET<\/a>
\n#SMECyberInsights #SMECyberSecurity #SMECyberAwareness #CyberSafe #SME #SmallBusiness\u00a0<\/em><\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

The Cybersecurity saga engulfing British retail giant Marks & Spencer<\/strong><\/a> (M&S)<\/strong> took another dramatic turn this week, as its main website went dark during the night, sparking concern across the business and security community. The site was offline for several hours before resuming limited functionality shortly after 7:00am.<\/p>\n

M&S<\/strong><\/a> attributed the outage to “overnight updates”\u2014a phrase that has done little to quell growing unease among customers and industry watchers. The downtime comes as the company grapples with the fallout from a major ransomware attack last month, which continues to cripple online operations. E-commerce capabilities have remained offline since 22 April, with full-service restoration not expected for weeks.<\/p>\n

Behind the technical disruption lies a far more troubling truth: Marks & Spencer<\/strong><\/a> has for years failed to implement basic cybersecurity controls, leaving it exposed to precisely the kind of attack it suffered. Industry sources and analysts confirm that a range of internet-facing assets remained unpatched and unmonitored, creating clear pathways for exploitation.<\/p>\n

These failures are not just technical oversights\u2014they are violations of critical legal and regulatory frameworks. M&S<\/strong><\/a> is now believed to be in breach of multiple standards including the UK Data Protection Act, GDPR<\/a>, PCI-DSS, and the Digital Operational Resilience Act (DORA). Each of these mandates exists to protect consumers and ensure organisations maintain a minimum standard of digital hygiene.<\/p>\n

As public trust erodes and regulatory pressure mounts, cybersecurity experts are urging M&S<\/strong><\/a> to prioritise remediation efforts and overhaul its current security posture. Without urgent action, the retailer risks prolonged operational paralysis, customer data exposure, and heightened legal scrutiny.<\/p>\n

This developing crisis serves as a cautionary tale for other UK businesses: Cybersecurity negligence is no longer an internal IT problem\u2014it\u2019s a boardroom and brand survival issue.<\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\tJoin SME Cyber Now! \/...<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\"CYBERInsights\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t
Image Credit: IfOnlyCommunications<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\"nordvpn\"<\/a>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

UK Small Business Owner? Join SMECyber Free Now! & Access the SME Cyber Forum – Read, Learn, Engage, Share …<\/h4>\n

The Latest SME<\/strong> Cybersecurity News, Threat Intelligence & Analysis, Timely Scam Alerts, Best-practice Compliance, Mitigation & Resources specifically curated for UK Based SMEs<\/strong> in a Single Weekly Email direct to your Inbox or Smart Device together with Unrestricted Free Access to our entire SME<\/strong> Cyber Knowledge & Tutorial Library.<\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\tLearn More \/...<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"Cybersec\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

About Andy Jenkinson<\/span><\/strong><\/p>\n

Group CEO CIP. Fellow Cyber Theory Institute. Director Fintech & Cyber Security Alliance (FITCA) working with Governments. Recognised Expert in Internet Asset & DNS Vulnerabilities.<\/span><\/strong><\/p>\n

Andy Jenkinson is a senior and seasoned innovative Executive with over 30 years\u2019 experience as a hands-on lateral thinking CEO, coach, and leader.<\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\tLEARN MORE \/...<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"_CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Report<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t<\/div>\n\t\t\t\t\t
\n\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t
<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

Image Credit: Mtaylor848 via Wikimedia Commons Join SME Cyber Now! \/… Image Credit: IfOnlyCommunications Learn…<\/p>\n","protected":false},"author":1,"featured_media":21568,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"cybocfi_hide_featured_image":"yes","footnotes":""},"categories":[594],"tags":[595],"ppma_author":[505],"class_list":["post-21567","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-reportage","tag-reportage"],"featured_image_urls":{"full":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/05\/Image-Credit-Mtaylor848-via-Wikimedia-Commons.jpg",468,351,false],"thumbnail":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/05\/Image-Credit-Mtaylor848-via-Wikimedia-Commons-150x150.jpg",150,150,true],"medium":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/05\/Image-Credit-Mtaylor848-via-Wikimedia-Commons-300x225.jpg",300,225,true],"medium_large":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/05\/Image-Credit-Mtaylor848-via-Wikimedia-Commons.jpg",468,351,false],"large":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/05\/Image-Credit-Mtaylor848-via-Wikimedia-Commons.jpg",468,351,false],"1536x1536":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/05\/Image-Credit-Mtaylor848-via-Wikimedia-Commons.jpg",468,351,false],"2048x2048":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/05\/Image-Credit-Mtaylor848-via-Wikimedia-Commons.jpg",468,351,false],"covernews-featured":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/05\/Image-Credit-Mtaylor848-via-Wikimedia-Commons.jpg",468,351,false],"covernews-medium":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/05\/Image-Credit-Mtaylor848-via-Wikimedia-Commons-468x340.jpg",468,340,true]},"author_info":{"display_name":"Cybersecurity Journalist Iain Fraser","author_link":false},"category_info":"REPORTAGE<\/a>","tag_info":"REPORTAGE","comment_count":"0","authors":[{"term_id":505,"user_id":1,"is_guest":0,"slug":"admin_yjdstq4n","display_name":"Cybersecurity Journalist Iain Fraser","avatar_url":{"url":"https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2024\/10\/index_image440-removebg-preview.png","url2x":"https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2024\/10\/index_image440-removebg-preview.png"},"0":null,"1":"","2":"","3":"","4":"","5":"","6":"","7":"","8":""}],"_links":{"self":[{"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/21567","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/comments?post=21567"}],"version-history":[{"count":8,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/21567\/revisions"}],"predecessor-version":[{"id":21616,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/21567\/revisions\/21616"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/media\/21568"}],"wp:attachment":[{"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/media?parent=21567"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/categories?post=21567"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/tags?post=21567"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/ppma_author?post=21567"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}