M&S turned to FBI ‘muscle’ after cyber attack
What: The FBI joins the investigation of the £300mn M&S cyber attack by the Dragon Force group, marking an unprecedented international response to a retail cybersecurity breach.
Why it is important: The involvement of the FBI in a UK retail breach highlights the growing sophistication of cyber criminals targeting retail operations, forcing a fundamental shift in how the industry approaches security.
Marks and Spencer's recent cyber attack has escalated into an international security incident, prompting unprecedented collaboration between UK authorities and the FBI. The retailer's chair, Archie Norman, revealed to a parliamentary select committee that the FBI's involvement brought additional "muscle" to the investigation, complementing efforts by the UK's National Crime Agency and National Cyber Security Centre. The attack, attributed to the Russian-speaking cyber criminal group Dragon Force, has resulted in a devastating £300mn impact on operating profits and temporarily erased £600mn from the company's market value. The breach's severity is underscored by a seven-week disruption to online clothing and furniture sales, highlighting the vulnerability of modern retail operations to sophisticated cyber threats. Norman's call for mandatory reporting of major cyber attacks reflects growing concern about unreported incidents in the sector, with two significant attacks in the past four months allegedly going undisclosed. The company continues to rebuild its systems, with recovery efforts expected to extend into late 2025, though customer operations remain unaffected.
IADS Notes: The M&S cyber attack represents a watershed moment in retail cybersecurity. In April 2025, the Scattered Spider group's initial breach wiped £700 million off M&S's market value and disrupted £3.5 million in daily digital sales. By May 2025, the incident triggered a chain reaction across the UK retail sector, with both Harrods and Co-op suffering similar attacks, leading to a 10% increase in industry-wide cyber insurance premiums. The attack's sophistication, involving third-party vulnerabilities that account for 41% of retail breaches, prompted unprecedented responses including FBI involvement. While customer recommendation rates dropped from 87% to 73%, M&S maintained relatively stable underlying trust at 82% through transparent crisis management. The projected £300 million profit impact and extended recovery timeline until late 2025 underscore the critical importance of cyber resilience in modern retail operations, particularly as ransomware now accounts for 30% of retail security incidents, with average losses reaching £1.4 million per attack.