May 7, 2025 – Two of the UK’s most trusted retailers, Marks & Spencer (M&S) and the Co-op Group, are grappling with significant disruptions caused by cyberattacks, plunging their operations into chaos and leaving customers frustrated. These incidents, which began in late April 2025, have led to empty shelves, suspended online services, and, in the Co-op’s case, a confirmed customer data breach. As the outages stretch into their third week for M&S and continue to unfold for the Co-op, the incidents highlight the growing threat of cybercrime to the UK’s retail sector. Here’s an in-depth look at the outages, their impacts, and what they mean for the future of retail cybersecurity.
A Perfect Storm: The M&S Cyberattack
The trouble for M&S began over the Easter Bank Holiday weekend (around April 19, 2025), when customers reported issues with contactless payments and click-and-collect services. Initially described as technical glitches, the problems were confirmed on April 22 as the result of a “cyber incident.” By April 24, M&S revealed the true scale: a sophisticated cyberattack, suspected to involve DragonForce ransomware, had infiltrated its systems. The attack forced the retailer to suspend online orders, halt click-and-collect services, and take internal processes offline to contain the threat. Now in its third week, the outage has left M&S struggling to restore normal operations, with no clear timeline for recovery.
The impact on M&S has been profound. Online shopping, a cornerstone of its business, remains unavailable, with the website and app unable to process new orders since April 25. Refunds have been issued for orders placed after April 23, but customers are still unable to shop for food or clothing online. In stores, empty shelves in food halls and shortages of meal deals reflect disruptions to the retailer’s replenishment systems. Click-and-collect services are suspended, and gift card usage has been problematic, frustrating loyal shoppers. The attack has also disrupted deliveries to Ocado, M&S’s online grocery partner, though Ocado’s separate systems have kept its platform operational.
Financially, the cyberattack has been a body blow. M&S’s stock market value has plummeted by nearly £750 million since late April, with analysts estimating a £30 million hit to annual profits and ongoing losses of £15 million per week. While insurance may cover initial costs, prolonged disruption could escalate expenses. In a sign of the crisis’s severity, M&S has imposed a hiring freeze, pulling all job postings from its website to focus resources on recovery. The retailer’s supply chain, already strained, continues to falter, leaving stores understocked and customers underserved.
Co-op’s Quiet Crisis
While M&S’s outage has dominated headlines, the Co-op Group has been quietly battling its own cyberattack, with disruptions surfacing around the same time. On May 2, the Co-op confirmed that hackers had stolen customer data, though it provided few details about the attack’s nature or scope. Social media posts from May 7 revealed bare shelves in Co-op stores, indicating supply chain disruptions similar to those plaguing M&S. Earlier reports suggested the Co-op was fending off an attempted hack, hinting at proactive cybersecurity measures, but the confirmed data breach and stock shortages show the attack’s impact.
Unlike M&S, the Co-op has not reported widespread issues with online services or payment systems, but the data breach raises serious concerns. The retailer has not disclosed what customer information was compromised, leaving shoppers anxious about potential identity theft or fraud. Stock shortages, meanwhile, have disrupted daily shopping for essentials, with one customer lamenting on social media that empty shelves prevented them from preparing dinner. The Co-op’s limited public communication has left customers and analysts in the dark about the outage’s full extent and recovery efforts, contrasting with M&S’s more transparent approach.
Customer Frustration and Resilience
The outages have sparked a wave of customer frustration, particularly for M&S, where the scale of disruption is more visible. Shoppers have taken to social media to vent about suspended online orders, unusable gift cards, and long queues caused by payment issues. Some reported abandoning baskets when contactless payments failed, while others expressed dismay at the lack of clarity on when services would resume. For Co-op customers, the shock of learning about the data breach—often through social media rather than official channels—has compounded concerns about stock shortages.
Yet, amid the chaos, there’s been an outpouring of support for retail staff. M&S employees, in particular, have earned praise for their professionalism and patience under pressure. Social media posts urged customers not to take frustrations out on workers, with many applauding their efforts to keep stores running. For M&S, this goodwill has translated into a degree of brand loyalty, with some customers deliberately shopping in-store to support the retailer. Analysts suggest that while the outages are a short-term blow, M&S’s strong brand and customer base should prevent lasting damage, provided recovery is swift.
Response and Recovery Efforts
Both retailers are working to contain the damage, but the complexity of cyberattacks—particularly ransomware—makes recovery a daunting task. M&S has enlisted top-tier cyber forensics specialists, including CrowdStrike, and is collaborating with the National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO). The retailer has not confirmed whether customer data was compromised but pledged to notify affected individuals if evidence emerges. Regular updates and apologies via social media have aimed to maintain transparency, though some customers have criticized vague messaging about gift card issues and return policies.
The Co-op, by contrast, has been less forthcoming. Beyond acknowledging the data breach, the retailer has shared little about its response or recovery plans. Its earlier efforts to thwart an attempted hack suggest some cybersecurity preparedness, but the breach indicates vulnerabilities. Both retailers face a long road to recovery, with experts warning that ransomware attacks require meticulous system analysis to expel malware and restore operations. For M&S, the process could take weeks, while the Co-op’s timeline remains unclear due to limited information.
A Wake-Up Call for Retail
The M&S and Co-op outages are part of a troubling wave of cyberattacks targeting UK retailers. On May 1, Harrods reported unauthorized access attempts, and other chains like WHSmith, JD Sports, and The Works have faced breaches in recent years. A 2025 UK government survey revealed that 74% of large businesses experienced cyber incidents, yet 44% of retail and wholesale companies prioritize cybersecurity less than other sectors. This systemic vulnerability has made retail a prime target for hackers, with ransomware attacks like DragonForce proving particularly disruptive.
The NCSC has called the recent attacks a “wake-up call,” urging retailers to bolster IT security, particularly password reset processes. The incidents follow other high-profile outages in 2025, including banking disruptions at Barclays and Lloyds, and a Morrisons outage that marred Christmas orders in 2024. Together, these events underscore the fragility of critical infrastructure in the face of cybercrime. For M&S and the Co-op, the immediate priority is restoring operations, but the broader challenge is rebuilding trust and investing in resilient systems to prevent future attacks.
The Road Ahead
As of May 7, 2025, M&S remains in crisis mode, with online orders paused, click-and-collect suspended, and stock shortages plaguing stores. The Co-op, while less vocal, faces its own battle with supply chain disruptions and the fallout from a data breach. Both retailers are navigating uncharted territory, balancing operational recovery with customer communication and regulatory scrutiny. For M&S, the financial toll and potential profit warnings loom large, while the Co-op’s data breach could invite ICO penalties and erode customer confidence.
These outages serve as a stark reminder of the retail sector’s vulnerability to cybercrime. As hackers grow bolder, retailers must prioritize cybersecurity to protect their operations and customers. For now, M&S and Co-op customers are left waiting, hoping for a return to normalcy. But in an era where cyberattacks are increasingly common, the question isn’t if another outage will strike—it’s when, and how well the industry will be prepared.
Leave a Reply