“Scattered Spider Linked to Cyberattacks on M&S and Co-op, Resulting in Up to $592M in Damages”
June 21, 2025
Cyber Attack / Critical Infrastructure
The April 2025 cyberattacks on U.K. retailers Marks & Spencer and Co-op have been deemed a “single combined cyber event” by the Cyber Monitoring Centre (CMC), an independent non-profit organization established by the insurance industry to assess significant cyber incidents. The CMC noted, “Given that one threat actor claimed responsibility for both M&S and Co-op, along with their close timing and the similar tactics, techniques, and procedures (TTPs), we have classified these incidents as a single combined cyber event.” These disruptions have been categorized as a “Category 2 systemic event,” with estimated financial repercussions ranging from £270 million ($363 million) to £440 million ($592 million). However, the cyberattack on Harrods, occurring around the same period, has not been included due to insufficient information regarding its cause.
Cyber Attack / Critical Infrastructure
Scattered Spider Linked to Cyberattacks on M&S and Co-op, Resulting in Significant Financial Losses In April 2025, the U.K. retailers Marks & Spencer (M&S) and Co-op fell victim to a series of coordinated cyberattacks, now recognized as a “single combined cyber event” by the Cyber Monitoring Centre (CMC). This independent,…
“Scattered Spider Linked to Cyberattacks on M&S and Co-op, Resulting in Up to $592M in Damages”
June 21, 2025
Cyber Attack / Critical Infrastructure
The April 2025 cyberattacks on U.K. retailers Marks & Spencer and Co-op have been deemed a “single combined cyber event” by the Cyber Monitoring Centre (CMC), an independent non-profit organization established by the insurance industry to assess significant cyber incidents. The CMC noted, “Given that one threat actor claimed responsibility for both M&S and Co-op, along with their close timing and the similar tactics, techniques, and procedures (TTPs), we have classified these incidents as a single combined cyber event.” These disruptions have been categorized as a “Category 2 systemic event,” with estimated financial repercussions ranging from £270 million ($363 million) to £440 million ($592 million). However, the cyberattack on Harrods, occurring around the same period, has not been included due to insufficient information regarding its cause.
