{"id":22502,"date":"2025-06-14T12:00:41","date_gmt":"2025-06-14T10:00:41","guid":{"rendered":"https:\/\/cyberinsights.iainfraser.net\/?p=22502"},"modified":"2025-06-19T12:20:09","modified_gmt":"2025-06-19T10:20:09","slug":"marks-saga-continues","status":"publish","type":"post","link":"https:\/\/smecyberinsights.co.uk\/index.php\/2025\/06\/14\/marks-saga-continues\/","title":{"rendered":"REPORTAGE: M&S Crisis – \u00a3700M Lost Yet Britain’s Retail Giant Remains Dangerously Exposed"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t<\/a>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\"Partners1_NordVPN\"<\/figure><\/div>
\"Partners3_R3\"<\/figure><\/div>
\"Partners2_Zoho\"<\/figure><\/div>
\"Partners4_Plesk\"<\/figure><\/div>
\"Partners4_Ensurety\"<\/figure><\/div>
\"Partners7_Passware\"<\/figure><\/div>
\"CIP<\/figure><\/div>
\"Red_Button_Slider\"<\/figure><\/div>
\"FoxTech_Partner_Logo_Banner\"<\/figure><\/div>
\"ogo2\"<\/figure><\/div>\t\t\t<\/div>\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\"Image\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t
Image Credit: Sebastiandoe5<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\"nordvpn\"<\/a>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

Helping Keep Small Business CYBERSafe
\n<\/strong>M\u00e1laga: Saturday, 14 June 2025 at 12:00 CEST<\/p>\n

REPORTAGE: M&S Crisis – \u00a3700M Lost Yet Britain’s Retail Giant Remains Dangerously Exposed<\/b>
\n<\/strong><\/b>By Iain Fraser\/<\/a>Reportage & Andy Jenkinson CIP<\/a>
\nSMECyberInsights.co.uk<\/a> –\u00a0<\/a>First for SME Cybersecurity<\/a>
\nGoogle Indeed on 140625 at 13:10 CET<\/a>
\n#SMECyberInsights #SMECyberSecurity #SMECyberAwareness #CyberSafe #SME #SmallBusiness\u00a0<\/em><\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

Executive Summary<\/strong><\/p>\n

Seven weeks after the devastating cyber attack that crippled Marks & Spencer<\/a>‘s operations, Britain’s retail giant remains fundamentally insecure, leaving millions of customers exposed to ongoing cyber threats. Despite \u00a3300 million in direct operating losses and over \u00a3700 million wiped from market value, M&S<\/a> continues to chase attribution shadows rather than addressing core security vulnerabilities that enabled the breach.<\/p>\n

The Staggering Financial Carnage<\/strong><\/p>\n

The numbers tell a devastating story. The “highly sophisticated and targeted” cyberattack will cost Marks & Spencer<\/a> about \u00a3300 million in lost operating profit, with disruption to online services likely until July. When combined with the \u00a3700 million market value destruction, total losses exceed \u00a31 billion – making this potentially the costliest retail cyber incident in UK history.<\/p>\n

The attack’s scope was comprehensive: stolen customer information could include basic contact details, dates of birth and online order histories, with payment information potentially compromised. M&S<\/a> serves 32 million customers annually, meaning the breach’s impact reaches unprecedented scales.<\/p>\n

The Uncomfortable Truth: Nothing Has Changed<\/strong><\/p>\n

Despite attribution, aka finger pointing, being placed on Tata Consultancy Services<\/a> and a rogue email, Marks and Spencer<\/a> continue to overlook and ignore all basic Internet security preferring to chase shadows. This does absolutely nothing for millions of Marks and Spencer<\/a> customers’ security who will potentially be exposed for many years to come to cyber crime and fraud.<\/p>\n

Immaterial of any, and every narrative of how, and why Marks and Spencer<\/a>‘s basic security negligence was exploited – why are Marks and Spencer<\/a> still woefully and wholly unacceptably exposed, insecure, and vulnerable and by default, forcing their customers to be? Although an uncomfortable question, until these issues are addressed and remediated, Marks and Spencer<\/a> and their millions of customers continue to be extremely exposed and extremely vulnerable.<\/p>\n

The fundamental issue remains: while M&S<\/a> executives focus on blame attribution and damage control narratives; the underlying security architecture that enabled this breach remains largely unchanged. The Ransomware<\/a> attack by an unnamed criminal gang, although all avenues point to the \u201cScattered Spider<\/a>\u201d hacker group exploited basic security oversights that, seven weeks later, appear to remain unaddressed.<\/p>\n

Expert Analysis: The Path Forward<\/strong><\/p>\n

Andy Jenkinson<\/a>, cybersecurity expert at CIP<\/a> (Cybersec Innovation Partners), emphasizes that post-breach remediation requires a complete security transformation, not superficial patches. “The M&S incident demonstrates the catastrophic cost of treating cybersecurity as an afterthought rather than a foundational business requirement,”<\/em> Jenkinson notes. “Seven weeks post-breach, the focus should be on comprehensive security architecture rebuilding, not finger-pointing exercises.”<\/em><\/p>\n

Jenkinson<\/a>‘s expertise highlights critical gaps in M&S’s approach: “Effective cyber resilience demands zero-trust architecture implementation, comprehensive employee security training beyond basic awareness, and proactive threat hunting capabilities. The fact that basic security oversight failures enabled this breach suggests these fundamentals were never properly established.”<\/em><\/p>\n

Cyber Insurance: A \u00a3300M Question Mark<\/strong><\/p>\n

With direct losses exceeding \u00a3300 million, M&S<\/a>‘s cyber insurance coverage faces intense scrutiny. Industry analysts suggest that comprehensive cyber policies typically cover \u00a350-100 million for retailers of M&S<\/a>‘s scale, potentially leaving hundreds of millions in uninsured losses. The attribution blame game with Tata Consultancy Services<\/a> may be driven by Cyber Insurance<\/a> requirements rather than genuine security improvement efforts.<\/p>\n

Critical Customer Protection Measures<\/strong><\/p>\n

For M&S<\/a> customers affected by this breach, immediate protective actions are essential:<\/p>\n

Immediate Actions:<\/strong><\/p>\n

* Change all passwords associated with M&S accounts and any sites using similar credentials
\n* Enable two-factor authentication on all financial and retail accounts
\n* Monitor bank and credit card statements weekly for unauthorized transactions
\n* Consider credit monitoring services given the scale of data compromised<\/p>\n

Long-term Vigilance:<\/strong><\/p>\n

* Remain alert to sophisticated phishing attempts using your compromised personal data
\n* Be sceptical of unsolicited communications claiming to be from M&S or financial institutions
\n* Regularly review credit reports for unauthorized accounts or inquiries
\n* Consider identity theft protection services for ongoing monitoring<\/p>\n

Financial Protection:<\/strong><\/p>\n

* Contact your bank to discuss transaction monitoring enhancements
\n* Review and understand your bank’s fraud protection policies
\n* Document any suspicious activity immediately with timestamps and screenshots<\/p>\n

The Wider Implications<\/strong><\/p>\n

This incident represents more than corporate embarrassment – it’s a fundamental failure of duty of care to customers. With hackers also hitting Co-op and Harrods in Britain, retailers worldwide are racing to boost security, yet M&S<\/a> appears to be lagging behind this urgent industry response.<\/p>\n

The extended timeline of impact – with disruption expected until July – suggests either inadequate incident response capabilities or more extensive compromise than publicly acknowledged.<\/p>\n

Conclusion: Accountability Deficit<\/strong><\/p>\n

Seven weeks after one of Britain’s costliest retail cyber attacks, M&S<\/a> customers deserve better than blame games and damage control narratives. The uncomfortable reality is that basic security failures enabled this breach, and those fundamental vulnerabilities appear to remain unaddressed.<\/p>\n

Until M&S<\/a> demonstrates genuine commitment to comprehensive security transformation rather than attribution exercises, millions of customers remain unnecessarily exposed to ongoing cyber threats. The \u00a3700 million market value destruction should serve as a wake-up call – customers and investors are losing patience with cybersecurity negligence.<\/p>\n

The question remains: How many more weeks will pass before M&S<\/a> prioritizes customer security over corporate damage control?<\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\tJoin SME Cyber Today! \/...<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\"CYBERInsights\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t
Image Credit: IfOnlyCommunications<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\"nordvpn\"<\/a>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

UK Small Business Owner? Join SMECyber Free Now! & Access the SME Cyber Forum – Read, Learn, Engage, Share …<\/h4>\n

The Latest SME<\/strong> Cybersecurity News, Threat Intelligence & Analysis, Timely Scam Alerts, Best-practice Compliance, Mitigation & Resources specifically curated for UK Based SMEs<\/strong> in a Single Weekly Email direct to your Inbox or Smart Device together with Unrestricted Free Access to our entire SME<\/strong> Cyber Knowledge & Tutorial Library.<\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\tLearn More \/...<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"Cybersec\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

About Andy Jenkinson<\/span><\/strong><\/p>\n

Group CEO CIP. Fellow Cyber Theory Institute. Director Fintech & Cyber Security Alliance (FITCA) working with Governments. Recognised Expert in Internet Asset & DNS Vulnerabilities.<\/span><\/strong><\/p>\n

Andy Jenkinson is a senior and seasoned innovative Executive with over 30 years\u2019 experience as a hands-on lateral thinking CEO, coach, and leader.<\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\tLEARN MORE \/...<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"Data<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t<\/div>\n\t\t\t\t\t
\n\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t
<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

Image Credit: Sebastiandoe5 Join SME Cyber Today! \/… Image Credit: IfOnlyCommunications Learn More \/… LEARN…<\/p>\n","protected":false},"author":1,"featured_media":22503,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"cybocfi_hide_featured_image":"yes","footnotes":""},"categories":[594],"tags":[652,595],"ppma_author":[505],"class_list":["post-22502","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-reportage","tag-ms","tag-reportage"],"featured_image_urls":{"full":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/06\/Image-Credit-Sebastiandoe5.png",624,351,false],"thumbnail":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/06\/Image-Credit-Sebastiandoe5-150x150.png",150,150,true],"medium":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/06\/Image-Credit-Sebastiandoe5-300x169.png",300,169,true],"medium_large":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/06\/Image-Credit-Sebastiandoe5.png",624,351,false],"large":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/06\/Image-Credit-Sebastiandoe5.png",624,351,false],"1536x1536":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/06\/Image-Credit-Sebastiandoe5.png",624,351,false],"2048x2048":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/06\/Image-Credit-Sebastiandoe5.png",624,351,false],"covernews-featured":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/06\/Image-Credit-Sebastiandoe5.png",624,351,false],"covernews-medium":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/06\/Image-Credit-Sebastiandoe5-540x340.png",540,340,true]},"author_info":{"display_name":"Cybersecurity Journalist Iain Fraser","author_link":false},"category_info":"REPORTAGE<\/a>","tag_info":"REPORTAGE","comment_count":"0","authors":[{"term_id":505,"user_id":1,"is_guest":0,"slug":"admin_yjdstq4n","display_name":"Cybersecurity Journalist Iain Fraser","avatar_url":{"url":"https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2024\/10\/index_image440-removebg-preview.png","url2x":"https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2024\/10\/index_image440-removebg-preview.png"},"0":null,"1":"","2":"","3":"","4":"","5":"","6":"","7":"","8":""}],"_links":{"self":[{"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/22502","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/comments?post=22502"}],"version-history":[{"count":11,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/22502\/revisions"}],"predecessor-version":[{"id":22737,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/22502\/revisions\/22737"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/media\/22503"}],"wp:attachment":[{"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/media?parent=22502"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/categories?post=22502"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/tags?post=22502"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/ppma_author?post=22502"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}