M&S cyberattack by Scattered Spider exposes customer data; triggers 15% stock crash & 3-week online blackout. Exclusive details

Continue reading
A ruthless cyberattack has ignited chaos at British retail titan Marks & Spencer (M&S), as the 140-year-old institution faces its most crippling crisis in decades. The Scattered Spider syndicate—a global hacking collective linked to audacious strikes on Caesars Entertainment and MGM Resorts—has infiltrated M&S’s defenses, plundering vast troves of customer data and triggering a 15% stock market freefall that has left investors reeling.
For over three weeks, the retailer’s £1.4 billion online empire has been paralyzed, its reputation hanging by a thread, while executives wage a desperate battle to stem the bleeding.
The nightmare began on April 25, when M&S abruptly halted all online orders without explanation, leaving millions of customers in the dark. Behind the scenes, cyber mercenaries linked to Scattered Spider — a shadowy syndicate of English-speaking hackers — infiltrated M&S’s systems in what insiders describe as a “surgical strike” targeting personal customer data.
While M&S claims payment details and passwords were not compromised (as card data is outsourced to third parties), hackers accessed names, addresses, contact information, and purchase histories — a goldmine for identity theft and phishing schemes. The breach forced M&S to freeze its £1.4 billion e-commerce platform for over 21 days, triggering a 15% stock plunge and wiping hundreds of millions off its market value.
_“This wasn’t just a hack — it was a financial hemorrhage,”_ declared a City of London analyst. _“M&S’s reputation is bleeding out.”_
The attack has been pinned on Scattered Spider, a cybercrime cabal also known as Octo Tempest and Muddled Libra, whose members operate from the UK, U.S., and beyond. The group gained global notoriety in 2023 for crippling Las Vegas titans Caesars Entertainment and MGM Resorts, extracting a staggering $15 million ransom from Caesars in a single stroke.
Sources reveal Scattered Spider’s UK wing is allegedly led by Tyler Buchanan, a 23-year-old tech savant from Dundee, Scotland, who operated under the alias “Tylerb” on encrypted platforms. Buchanan was reportedly arrested in Spain last summer and extradited to California in April 2025 to face charges — though his alleged associates continue their rampage.
Meanwhile, U.S. operations are spearheaded by Noah Urban, aka “King Bob”, a hacker linked to high-profile ransomware schemes. The group’s signature blend of social engineering, phishing, and ransomware has made them one of the most feared entities in cybercrime.
As M&S races to restore systems with help from cybersecurity firm DarkTrace, law enforcement, and the UK’s National Cyber Security Centre (NCSC), questions mount over how hackers bypassed defenses at a company serving 30 million loyal customers.
Key Revelations:
In a fiery statement, M&S CEO Stuart Machin vowed: _“We are working tirelessly to protect our customers and emerge stronger. This attack will not define us.”_ The retailer has launched a 24/7 helpline for affected shoppers and pledged free credit monitoring.
Yet critics accuse M&S of downplaying risks. _“Calling this ‘sophisticated’ is corporate jargon for ‘we were outsmarted,’”_ snapped retail analyst Priya Kapoor.
The M&S debacle underscores a chilling reality: no company, however venerable, is safe from Scattered Spider’s evolving tactics. With ties to Russia’s ALPHV/BlackCat ransomware group, the gang epitomizes the borderless, mercenary nature of modern cyberwarfare.

U.S. Army recruiting pages hijacked to display fake 404 errors reading ‘Kurdistan’, exploiting a third-party tool and exposing .mil web security gaps.