Harrods, M&S hit by cyberattack: What happened, who’s behind it?

Al Jazeera - May 2nd, 2025

British retail giants Marks & Spencer and Harrods have fallen victim to a cyberattack believed to be orchestrated by the hacking group Scattered Spider. The attack, which appears to be a ransomware incident, has significantly disrupted operations at Marks & Spencer, causing a pause in online orders and a halt in recruitment. The company's market value has dropped by over 700 million pounds, with physical stores experiencing shortages and certain services like gift card processing being unavailable. Meanwhile, Harrods has confirmed a cyberattack but assured that its operations are continuing as usual, without revealing the extent of the breach.

This attack highlights the persistent threat of cybercrime against major retail players, with significant financial and operational implications. The UK's Metropolitan Police and the National Cyber Security Centre are investigating the incidents, urging retailers to strengthen their cybersecurity measures. The events underscore the vulnerability of high-profile brands to cyber threats and the potential for large-scale disruptions in service and financial losses. The situation at M&S and Harrods is a stark reminder of the importance of robust cybersecurity strategies in protecting both company assets and consumer data.

Metropolitan Police Retail Ransomware Cyberattack National Cyber Security Centre Marks & Spencer Harrods Scattered Spider

Story submitted by Fairstory

RATING

6.4

Moderately Fair

Read with skepticism

The article provides a comprehensive overview of the cyberattacks on Marks & Spencer and Harrods, covering the timeline of events, financial impacts, and potential causes. It effectively uses a clear structure and straightforward language to convey complex information in an accessible manner. However, the story could benefit from more direct quotes and statements from involved parties to enhance its accuracy and source quality. While it addresses a topic of public interest with timely relevance, the article's impact and engagement could be improved by including more diverse perspectives and exploring the broader implications of the cyberattacks. Overall, the story is informative and well-organized but could be strengthened by greater transparency and balance in its reporting.

Accuracy

The story provides a detailed account of the cyberattacks on Marks & Spencer and Harrods, attributing the attacks to a group called Scattered Spider. Specific dates and events are mentioned, such as the suspension of online orders on April 25 and the confirmation of a cyberattack by Harrods on May 1. The article also discusses the financial impact on M&S, citing a loss of over 700 million pounds in market value. However, certain claims, like the exact involvement of Scattered Spider and the use of DragonForce ransomware, would need verification from official cybersecurity reports or statements from the companies involved. The story does not provide direct quotes or sources for these claims, which affects its verifiability.

Balance

The article primarily focuses on the impact of the cyberattacks on the companies involved, particularly Marks & Spencer. It provides insights from cybersecurity experts and mentions the involvement of law enforcement agencies like the Metropolitan Police and the National Cyber Security Centre. However, the perspectives of affected customers or employees are not included, which could provide a more balanced view of the incident's impact. Additionally, while it mentions the potential connection between the attacks on M&S and Harrods, it does not explore alternative explanations or perspectives from the companies themselves.

Clarity

The article is generally well-structured, with a clear timeline of events and logical flow of information. It uses straightforward language to explain technical concepts like ransomware and phishing, making it accessible to a general audience. The separation of sections with headings like 'What happened in the cyberattack' and 'Is M&S back online?' helps guide readers through the story. However, some technical details, such as the methods used by Scattered Spider, could be further clarified to ensure comprehension by readers who may not be familiar with cybersecurity terminology.

Source quality

The story references cybersecurity experts and firms like Akamai and Secureworks, which lends some credibility to the technical details provided. However, the article lacks direct quotes or statements from these sources, which would enhance reliability. The absence of official statements from Marks & Spencer or Harrods regarding the specifics of the attack, such as the involvement of Scattered Spider or the type of ransomware used, also affects the source quality. The reliance on unnamed 'cybersecurity observers' and general expert opinions without direct attribution weakens the authority of the information presented.

Transparency

The article outlines the timeline of events and the potential causes and effects of the cyberattacks, providing some context for readers. However, it lacks transparency in terms of how certain conclusions were reached, such as the identification of Scattered Spider as the group behind the attacks. The article does not disclose the methodology or sources used to verify these claims, nor does it clarify any potential conflicts of interest from the experts cited. Greater transparency in these areas would enhance the article's credibility and help readers understand the basis of the claims made.