Posts

Showing posts with the label service desk social engineering attack

Marks & Spencer Had 70 Days to Stop the Attack. They Didn't Know It Was Happening.

Case Study · Ransomware · June 2026 · 8 min read

In February 2025, attackers walked into Marks & Spencer's network using social engineering against a service desk. For 70 days they moved through the system, stole the password database for every domain user, and exfiltrated customer data — before deploying ransomware that shut down online shopping for nearly seven weeks and cost the company $409 million. Here are the five things every business with a payment system needs to know.

Marks & Spencer is one of Britain's most recognizable brands — 64,000 employees, 1,049 stores, a household name for 141 years. In the spring of 2025 it became the most expensive ransomware victim in British retail history. The attack didn't start in April when the ransomware deployed. It started in February — two months earlier — when attackers called M&S's IT service desk, posed as an employee, and used social engineering to get their...