M&S supplier turns to pen and paper after hack attack – Daily Business

One of Marks & Spencer’s biggest suppliers has resorted to using pen and paper for orders following the as the retailer continues to tackle a major cyberattack.

M&S has been unable to offer online orders for clothing and homewares for over a week, and in some stores shoppers have been faced with empty shelves as food deliveries have been disrupted.

Sandwich maker Greencore has now turned back the clock to ensure M&S gets its supplies.

Chief executive Dalton Philips said: “In the absence of having all the systems speaking to each other, you revert to how it was 25 years ago.” That means back to “pen and paper”, he told the BBC.

“They’re a massive customer for us and we’re trying to flood them with products to help them.

“There are times when you do need to revert to manual systems in any business… but look, it works well.

“With the challenges of the system we don’t have intricate forecasting that we would have previously had, so we’re just making sure that they’ve got everything they need and some more.”

Meanwhile, M&S has reassured staff that they will be paid for all contracted hours as usual.

A sudden surge of cyberattacks targeting the UK’s top retail brands has sparked alarm across government agencies, intelligence circles, and the retail industry.

In just two weeks, Harrods, Marks & Spencer and the Co-operative Group have all confirmed incidents that disrupted digital services, triggered emergency responses, and revealed serious cybersecurity lapses within the sector.

M&S suffered hits to online ordering, contactless payments, and Click & Collect services in a confirmed ransomware attack. Security researchers identified the Scattered Spider hacking group as the likely perpetrator. The attackers deployed DragonForce ransomware, the same strain used in past hits on MGM Resorts, Caesars, and DoorDash.

The 420 website reports that Scattered Spider is known for sophisticated social engineering tactics that exploit employee accounts through phishing and SIM-swapping.

Their targets often include large consumer-facing organsations with a high dependency on 24/7 digital infrastructure making downtime both costly and reputationally damaging.

The incidents underscore what officials say is a growing trend: retailers, with their sprawling digital infrastructure and customer data, have become prime targets for ransomware groups and nation-state-level actors.

Harrods confirmed that an attempted breach of its network occurred on May 1. In response, the luxury department store restricted internet access and internal systems. Though officials have not confirmed the extent of the breach, the precautionary lockdown suggests a serious intrusion attempt.

The Co-op also confirmed a cyber incident that prompted the disabling of VPN access and internal communications alerts. A memo from Co-op’s Chief Digital Officer Rob Elsey called on staff to be vigilant, signaling an active containment strategy in progress.

The National Cyber Security Centre, part of GCHQ, said it is working with the affected organizations to assess the nature and scope of the attacks.

Dr Richard Horne, CEO of the NCSC, said: “These incidents should act as a wake-up call to all organisations.” 

He urged corporate leaders to adopt the agency’s recommended cyber defence protocols and strengthen their readiness for recovery.