Technology

M&S undergoes leadership shake-up and accelerates digital overhaul after cyberattack

Monday, 15 September 2025 4:08AM UTC

Following a damaging cyberattack attributed to social engineering tactics, Marks & Spencer is re-evaluating its leadership and fast-tracking its digital recovery efforts amidst significant financial and operational upheaval.

Marks & Spencer (M&S) is navigating a period of significant upheaval following a debilitating cyberattack that has had profound financial and operational consequences for the British retailer. Rachel Higham, the company’s Chief Digital and Technology Officer, has departed just months after the attack, which forced the shutdown of M&S’s online operations and left physical stores struggling with empty shelves. According to an internal memo, Higham, who joined M&S in 2014 from roles at WPP and BT Group, is "stepping back from her role" after a turbulent period for the business. The company commended her as "a steady hand and calm head at an extraordinary time," though she is understood to be taking a career break. Sacha Berendji, a seasoned executive within M&S, has been appointed to head the digital and technology division alongside his current duties.

The cyberattack, attributed to a hacker group known as Scattered Spider, exploited human vulnerabilities rather than technical flaws in M&S’s defences. Investigations revealed that the attackers breached the retailer’s systems via social engineering tactics targeting a third-party contractor, bypassing M&S’s own digital safeguards. This sophisticated intrusion occurred over the Easter weekend in April and subsequently led to a near four-month suspension of parts of M&S’s digital operations, including the popular 'click and collect' service. The National Crime Agency is investigating the group reportedly responsible. Despite the severe impact, M&S has refrained from commenting on any ransom demands, citing law enforcement guidance.

Financially, the breach has been catastrophic. Industry estimates project a £300 million hit to M&S’s operating profit for the current financial year, coupled with a market capitalisation loss approaching £750 million. CEO Stuart Machin has emphasised that the setback, largely due to human error linked to the third-party contractor, has overshadowed an otherwise strong year for the company, which reported a 22% rise in adjusted pre-tax profits to £875.5 million and 6.1% sales growth to nearly £14 billion. M&S is employing various strategies to mitigate the losses, including cost management and insurance claims, with hopes of recovering around half the estimated impact.

Amidst this turmoil, leadership stability has been a topic of internal discussion. The company is reportedly considering extending the tenure of Chairman Archie Norman beyond the typical UK-recommended nine-year limit, given his pivotal role in steering M&S through a turnaround and now through this crisis. The final decision rests with the board and shareholders.

Adding complexity to the situation is the involvement of Tata Consultancy Services (TCS), M&S’s primary technology partner since 2018. TCS is conducting an internal probe to determine whether its systems served as the entry point for the attack. M&S CEO Machin has declined to specify whether ransom payments were made or to confirm TCS’s direct involvement, while both parties maintain silence on these details. This incident has also cast a shadow over TCS’s reputation, highlighting the growing cybersecurity risks faced by global IT service providers.

Despite the setbacks, M&S asserts its commitment to accelerating its technology transformation, compressing initially planned digital overhaul timelines from two years into six months, in an effort to fortify its systems against future threats. The company’s leadership changes and strategic focus underscore the critical importance of digital resilience in the retail sector as cyber threats become increasingly sophisticated.

📌 Reference Map:

Paragraph 1 – ^[1], ^[2]
Paragraph 2 – ^[1], ^[4]
Paragraph 3 – ^[2], ^[6]
Paragraph 4 – ^[3]
Paragraph 5 – ^[5]
Paragraph 6 – ^[6], ^[1]

Source: Noah Wire Services

More on this

https://retailtechinnovationhub.com/home/2025/9/14/gap-thinks-about-the-future-our-most-read-retail-technology-articles-from-last-week - Please view link - unable to able to access data
https://www.reuters.com/business/media-telecom/ms-digital-chief-exits-months-after-damaging-hack-2025-09-11/ - Marks & Spencer's Chief Digital and Technology Officer, Rachel Higham, is stepping down after a significant cyberattack disrupted the retailer's online operations. The attack, attributed to the hacker group Scattered Spider, is projected to cost M&S around £300 million in lost operating profit for the 2025/26 financial year. Higham, who joined M&S in 2014, is taking a career break, with Sacha Berendji, a long-time executive, set to lead the digital and technology division alongside his current responsibilities. The company has not commented on any ransom demands due to law enforcement advice.
https://www.reuters.com/business/retail-consumer/ms-considers-extending-archie-normans-tenure-chair-ft-reports-2025-09-12/ - Marks & Spencer (M&S) is contemplating extending Chairman Archie Norman's tenure beyond the UK-recommended nine-year limit, following a severe cyberattack in April. The attack, attributed to the hacker group DragonForce, compromised customer data and led to the suspension of M&S’s 'click and collect' service for nearly four months. The breach is estimated to have cost the retailer around £300 million in gross profit. Norman, who became chairman in 2017, has played a major role in the company's turnaround alongside CEO Stuart Machin. The final decision on the extension rests with M&S’s board and shareholders.
https://www.reuters.com/business/aerospace-defense/ms-says-cyber-hackers-broke-through-third-party-contractor-2025-05-21/ - Marks & Spencer (M&S) disclosed that a recent cyberattack on its systems was carried out through a third-party contractor, bypassing its own digital defenses via social engineering tactics. CEO Stuart Machin revealed that despite increasing tech investment threefold over the past three years, the attackers exploited human vulnerabilities, gaining access through the contractor rather than a technical weakness. The breach was discovered over Easter weekend (April 19-20), and M&S promptly involved cybersecurity experts and authorities. The company halted online sales, anticipating full service restoration by July. The UK’s National Crime Agency is investigating a group of young English-speaking hackers believed to be responsible. So far, around 600 systems have been scanned and are being restored. M&S has not commented on any ransom demands due to law enforcement advice. The retailer, with annual sales of nearly £14 billion ($19 billion), emphasized the importance of vigilance against increasingly sophisticated cyber threats.
https://www.ft.com/content/c658645d-289d-49ee-bc1d-241c651516b0 - Tata Consultancy Services (TCS) is conducting an internal investigation to determine if it was the entry point for a major cyberattack on Marks & Spencer (M&S) that compromised customer data and crippled the retailer's online clothing business for over three weeks. The attack caused an estimated £300 million hit to M&S's operating profit and resulted in a market capitalization loss of over £750 million. While M&S CEO Stuart Machin attributed the breach to human error involving a third-party contractor’s staff, he did not disclose whether a ransom was paid or if TCS—which has been M&S’s primary technology partner since 2018—was directly involved. Both TCS and M&S have refrained from official comments. The UK police have launched an investigation, and TCS expects to conclude its probe by the end of the month. The incident has cast a shadow over TCS’s reputation amidst a broader increase in cybercrime affecting UK retailers and India's tech industry. TCS, also partnered with UK retailer Co-op, confirmed its services were not linked to a separate cyberattack on that company. The event highlights growing cybersecurity challenges faced by global IT service providers.
https://www.ft.com/content/fa80b540-c836-4c45-a77f-38aa1693c656 - Marks & Spencer (M&S) anticipates a £300 million hit to its operating profits this year due to a cyberattack attributed to 'human error'. The attack, which has severely disrupted M&S's operations, has resulted in the theft of personal customer data and the shutdown of its online clothing business for over three weeks. It also impacted the supply of food items and caused nearly £750 million in market capitalisation losses. CEO Stuart Machin revealed that the breach occurred due to social engineering tactics targeting a third-party supplier, rather than flaws in M&S’s IT infrastructure. While the company declined to comment on whether a ransom was paid, it is working to mitigate losses through cost management, insurance, and other measures, hoping to recover half the anticipated losses. Despite the disruption, M&S remains committed to accelerating its technology overhaul, compressing a planned two-year timeline into six months. The setback has overshadowed strong annual financial results, including a 22% rise in adjusted pre-tax profits to £875.5 million and a 6.1% increase in sales to nearly £14 billion, though reported pre-tax profits dropped 24% due to a significant impairment in Ocado Retail.
https://www.retailtechinnovationhub.com/home/2025/9/7/manesh-nana-departs-unilever-to-join-food-delivery-platform-wonder-as-vp-of-strategic-finance - Manesh Nana has left Unilever (where he served as CFO - Foods North America) to join Wonder, a food delivery and technology startup founded in 2018 and fronted by former Walmart U.S. eCommerce executive, Marc Lore. He is taking on the role of VP of Strategic Finance, having spent almost four years at Unilever. Nana’s CV also includes stints at Mars and PepsiCo. 'I’m grateful for the last four years at Unilever. I’ve had the opportunity to learn, lead fantastic teams, and drive impactful change, all while creating strong friendships. I am thrilled to announce that I will be starting a new chapter at Wonder, where I look forward to tackling fresh challenges,' he says.

Noah Fact Check Pro

The draft above was created using the information available at the time the story first emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed below. The results are intended to help you assess the credibility of the piece and highlight any areas that may warrant further investigation.

Freshness check

Score: 8

Notes: The narrative is recent, with the earliest known publication date being 11 September 2025. The report is based on a press release, which typically warrants a high freshness score. However, the narrative has been republished across multiple outlets, including Reuters and Cybernews, indicating widespread dissemination. No significant discrepancies in figures, dates, or quotes were found.

Quotes check

Score: 9

Notes: Direct quotes from the internal memo and company statements are consistent across sources. No earlier usage of these exact quotes was found, suggesting original or exclusive content.

Source reliability

Score: 9

Notes: The narrative originates from reputable organisations, including Reuters and Cybernews, enhancing its credibility. The involvement of well-known entities like Marks & Spencer and the National Crime Agency further supports the reliability of the information.

Plausability check

Score: 8

Notes: The claims align with known events, such as the cyberattack attributed to Scattered Spider and the departure of Rachel Higham. The narrative includes specific details, such as the £300 million estimated impact on operating profit, which are consistent with previous reports. The language and tone are appropriate for the context, and there are no signs of excessive or off-topic detail.

Overall assessment

Verdict (FAIL, OPEN, PASS): PASS

Confidence (LOW, MEDIUM, HIGH): HIGH

Summary: The narrative is recent and based on reputable sources, with consistent and plausible claims. The use of direct quotes and specific details supports its credibility. No significant issues were identified, leading to a high confidence in the assessment.

Cybersecurity
Retail
Digital transformation