Marks & Spencer is facing a serious crisis after a cyberattack that has cost the company nearly $1 billion in market value. This breach has raised concerns about the security of remote work and how it may have allowed hackers to infiltrate the retailer’s systems.
The attack has disrupted operations at one of the UK’s most trusted brands, leading to significant service outages. Customers have been unable to place online orders, and contactless payments have failed at checkouts. Some stores even had to suspend returns, and around 200 agency workers at a distribution center in Leicestershire were sent home due to the lack of orders.
As the company worked to contain the breach, many employees working from home lost access to essential systems. Experts suggest that remote access vulnerabilities may have played a role in the attack. Although Marks & Spencer has not directly linked the breach to remote work, the disabling of virtual private networks (VPNs) used by home-based staff indicates a strategy to limit further damage.
The attack is believed to be linked to the Scattered Spider group, which is suspected of targeting critical backend servers. This breach may have started months ago, highlighting how such attacks can go undetected for a long time.
The timing of this incident is particularly unfortunate for Marks & Spencer, which has been enjoying a revival under CEO Stuart Machin. The company is set to report its full-year financial results soon, and this crisis comes just as it was seeing improved profits. Last year, the retailer reported adjusted pre-tax profits of £716 million, a figure now under threat as daily online sales, worth about £3.5 million, have come to a halt. Since the attack, shares have dropped by 7%, reflecting growing concerns among investors.
This incident also highlights the ongoing challenges that come with remote work. The shift to hybrid work during the pandemic has introduced new devices and networks into corporate systems, often beyond the reach of traditional security measures. Home routers and personal laptops can become weak points for attackers. The hybrid model can make it harder for employees to spot suspicious activity or phishing attempts.
Marks & Spencer had previously warned about the elevated cyber risks associated with its hybrid operations. The breach has prompted the company to report the incident to the Information Commissioner’s Office and seek assistance from the National Cyber Security Centre, along with private firms like Microsoft and CrowdStrike.
As Marks & Spencer works to recover, experts emphasize that understanding how remote work policies intersect with network vulnerabilities will be crucial. The ongoing evolution of cyber threats means that companies must continually adapt their security measures. For Marks & Spencer, the next few weeks will not only test its technical recovery but also its ability to reassure customers and investors about its commitment to security in the digital age.