The Big Heist: The M&S & Co-Op Cyber Attack
In April 2025, Marks & Spencer and Co-op were hit by a coordinated ransomware attack attributed to the DragonForce RaaS group, linked to Scattered Spider.
The combined financial impact is estimated between £270 million and £440 million, making it one of the most costly cyber incidents in UK retail history.
Costs to M&S and the Co-op for the lapses include:
- Direct business interruption costs resulting from lost sales (the bulk of the cost) for M&S, Co-op, franchisees, and suppliers
- Incident response and IT restoration costs for M&S and Co-op
- Legal and notification costs for M&S and Co-op
*neither M&S or the Co-Op have disclosed anything regarding ransomware payments