// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-newsDTG 0600Z
ColdRecon / Breach Radar / Marks & Spencer
Breach Record

Marks & Spencer

DISCLOSED 2025-02-01 · PHISHING · RANSOMWARE

British retailer Marks & Spencer suffered a ransomware attack on February 1, 2025. The attack vector was social engineering through vishing to a third-party service desk to reset a password. The severity is critical, but the number of exposed records is unknown.

The record

What we know

Disclosed
2025-02-01
Attack vector
Phishing
Sector
retail
Country
United Kingdom
RANSOMWARE
Sources

Cited reporting

Similar vector · recent

Other phishing breaches on file

This page is the permanent ColdRecon entry for the Marks & Spencer disclosure. It updates if new public reporting emerges. All tracked breaches →

Marks & Spencer just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →