Following a damaging cyberattack attributed to social engineering tactics, Marks & Spencer is re-evaluating its leadership and fast-tracking its digital recovery efforts amidst significant financial and operational upheaval.
Marks & Spencer (M&S) is navigating a period of significant upheaval following a debilitating cyberattack that has had profound financial and operational consequences for the British retailer. Rachel Higham, the company’s Chief Digital and Technology Officer, has departed just months after the attack, which forced the shutdown of M&S’s online operations and left physical stores struggling with empty shelves. According to an internal memo, Higham, who joined M&S in 2014 from roles at WPP and BT Group, is “stepping back from her role” after a turbulent period for the business. The company commended her as “a steady hand and calm head at an extraordinary time,” though she is understood to be taking a career break. Sacha Berendji, a seasoned executive within M&S, has been appointed to head the digital and technology division alongside his current duties.
The cyberattack, attributed to a hacker group known as Scattered Spider, exploited human vulnerabilities rather than technical flaws in M&S’s defences. Investigations revealed that the attackers breached the retailer’s systems via social engineering tactics targeting a third-party contractor, bypassing M&S’s own digital safeguards. This sophisticated intrusion occurred over the Easter weekend in April and subsequently led to a near four-month suspension of parts of M&S’s digital operations, including the popular ‘click and collect’ service. The National Crime Agency is investigating the group reportedly responsible. Despite the severe impact, M&S has refrained from commenting on any ransom demands, citing law enforcement guidance.
Financially, the breach has been catastrophic. Industry estimates project a £300 million hit to M&S’s operating profit for the current financial year, coupled with a market capitalisation loss approaching £750 million. CEO Stuart Machin has emphasised that the setback, largely due to human error linked to the third-party contractor, has overshadowed an otherwise strong year for the company, which reported a 22% rise in adjusted pre-tax profits to £875.5 million and 6.1% sales growth to nearly £14 billion. M&S is employing various strategies to mitigate the losses, including cost management and insurance claims, with hopes of recovering around half the estimated impact.
Amidst this turmoil, leadership stability has been a topic of internal discussion. The company is reportedly considering extending the tenure of Chairman Archie Norman beyond the typical UK-recommended nine-year limit, given his pivotal role in steering M&S through a turnaround and now through this crisis. The final decision rests with the board and shareholders.
Adding complexity to the situation is the involvement of Tata Consultancy Services (TCS), M&S’s primary technology partner since 2018. TCS is conducting an internal probe to determine whether its systems served as the entry point for the attack. M&S CEO Machin has declined to specify whether ransom payments were made or to confirm TCS’s direct involvement, while both parties maintain silence on these details. This incident has also cast a shadow over TCS’s reputation, highlighting the growing cybersecurity risks faced by global IT service providers.
Despite the setbacks, M&S asserts its commitment to accelerating its technology transformation, compressing initially planned digital overhaul timelines from two years into six months, in an effort to fortify its systems against future threats. The company’s leadership changes and strategic focus underscore the critical importance of digital resilience in the retail sector as cyber threats become increasingly sophisticated.
📌 Reference Map:
Source: Noah Wire Services
Noah Fact Check Pro
The draft above was created using the information available at the time the story first
emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed
below. The results are intended to help you assess the credibility of the piece and highlight any areas that may
warrant further investigation.
Freshness check
Score:
8
Notes:
The narrative is recent, with the earliest known publication date being 11 September 2025. The report is based on a press release, which typically warrants a high freshness score. However, the narrative has been republished across multiple outlets, including Reuters and Cybernews, indicating widespread dissemination. No significant discrepancies in figures, dates, or quotes were found.
Quotes check
Score:
9
Notes:
Direct quotes from the internal memo and company statements are consistent across sources. No earlier usage of these exact quotes was found, suggesting original or exclusive content.
Source reliability
Score:
9
Notes:
The narrative originates from reputable organisations, including Reuters and Cybernews, enhancing its credibility. The involvement of well-known entities like Marks & Spencer and the National Crime Agency further supports the reliability of the information.
Plausability check
Score:
8
Notes:
The claims align with known events, such as the cyberattack attributed to Scattered Spider and the departure of Rachel Higham. The narrative includes specific details, such as the £300 million estimated impact on operating profit, which are consistent with previous reports. The language and tone are appropriate for the context, and there are no signs of excessive or off-topic detail.
Overall assessment
Verdict (FAIL, OPEN, PASS): PASS
Confidence (LOW, MEDIUM, HIGH): HIGH
Summary:
The narrative is recent and based on reputable sources, with consistent and plausible claims. The use of direct quotes and specific details supports its credibility. No significant issues were identified, leading to a high confidence in the assessment.
Supercharge Your Content Strategy
Feel free to test this content on your social media sites to see whether it works for your community.
