Sun. Jun 8th, 2025
Select M&S Stores Face Empty Shelves Following Cyber Attack

Several Marks & Spencer (M&S) stores are facing shortages on their food shelves as the retailer continues to contend with a significant cyber attack impacting its operations.

Since Friday, M&S has suspended online orders via its website and app, following disruptions to contactless payments and Click & Collect services over the Easter holiday period.

According to information obtained by the BBC, food supplies are expected to return to normal levels by the end of the week.

Cybersecurity specialists have identified a group known as DragonForce as being responsible for the attack.

The relatively new collective is believed to be demanding a multi-million-pound ransom from the supermarket chain in exchange for ending the cyber attack.

The BBC has requested comment from M&S regarding the situation.

“Tracking network activity and ransomware groups indicates M&S is dealing with a ransomware gang seeking to extort them,” said cybersecurity researcher Kevin Beaumont.

DragonForce, like other ransomware organisations, employs malicious software to encrypt data on as many devices as possible, while also exfiltrating confidential information for leverage.

The group began targeting victims globally in August 2023.

Operating under a “ransomware as a service” model, DragonForce lets any cybercriminal rent its ransomware tools in exchange for a share of the proceeds.

Although the exact individuals behind the M&S breach remain unidentified, experts suggest a loosely organised group called Scattered Spider may be involved.

While the full extent of the shortages is unclear, M&S has acknowledged “pockets of limited availability in some stores”.

The disruption arose after the company proactively took some of its food distribution systems offline, and is now employing alternative solutions to improve stock levels across its network.

At the Marble Arch branch in central London, notices on some empty shelves read: “Please bear with us while we fix some technical issues affecting product availability.”

Dot, 52, a frequent M&S shopper, observed that many food shelves had significant gaps.

“I was looking for my favourite biscuits and couldn’t find them,” she commented.

Ken, 76, also noted visibly reduced stock, though he praised the courtesy of the staff amid the ongoing challenges.

M&S is also managing some disruption to a minority of products supplied via Ocado, through which it fulfils its online grocery deliveries and which is partially owned by M&S.

Problems affecting contactless payments, Click & Collect and gift cards have reportedly been remedied, but online ordering remains unavailable to customers.

Around one third of the retailer’s clothing and homeware sales in the UK are made online, generating approximately £1.2bn, according to its most recent annual report.

While M&S shares were slightly higher on Tuesday morning, they have declined 4.6% over the past week, with a notable drop after the suspension of online orders was announced on Friday.

The cyber attack comes during one of the busiest periods for retailers, as shoppers purchase garden equipment, barbecue supplies, and party food for the improving weather.

According to analysts speaking to the BBC, the prolonged disruption is expected to impact earnings, as customers may turn to competitors for their purchases.

Nayna McIntosh, a former M&S executive and founder of Hope Fashion, likened the decision to halt online orders to “almost like cutting off one of your limbs.”

“It must have been extremely tough to make that decision on Friday, and for the disruption to enter a second week must be deeply challenging,” she told the BBC.

Nonetheless, McIntosh believes M&S’s strong brand loyalty will likely afford it some patience from customers, provided the company maintains clear communication.

M&S has not shared specific details about the method or scope of the cyber attack.

A spokesperson stated, “As part of our proactive management of the incident, we made the decision to temporarily take some systems offline.”

“Consequently, we currently have pockets of limited availability in some stores. We are working diligently to restore normal stock levels throughout our estate.”

M&S is not alone in experiencing technical outages in recent months. Supermarket Morrisons faced difficulties with Christmas orders in 2024, while Barclays and Lloyds banks also suffered disruptions earlier in 2025.

Additional reporting by Shakira Abdi
