// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-newsDTG 0600Z
ColdRecon / Breach Radar / Marks & Spencer
Breach Record

Marks & Spencer

DISCLOSED 2025-05-21 · PHISHING · RANSOMWARE

In early 2025, Marks & Spencer suffered a ransomware attack that disrupted online orders, in-store systems, and internal operations. Attackers gained access by using social engineering to trick a third-party helpdesk. The attack involved ransomware and impacted endpoints.

The record

What we know

Disclosed
2025-05-21
Attack vector
Phishing
Sector
Retail
RANSOMWARE ENDPOINT INVOLVED
ColdRecon assessment

Could a positive-security control have prevented this?

Verdict · partial · opinion

A positive-security model could have prevented unauthorized changes from ransomware, but the initial access via social engineering of a third-party helpdesk might still succeed if credentials were obtained, allowing some lateral movement before detection.

Our assessments are opinion, grounded in the cited public facts. Read them critically.

Sources

Cited reporting

Similar vector · recent

Other phishing breaches on file

This page is the permanent ColdRecon entry for the Marks & Spencer disclosure. It updates if new public reporting emerges. All tracked breaches →

Marks & Spencer just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →