Cyberattacks that targeted UK retailers Marks & Spencer and Co-op in April 2025 were categorized as a "single combined cyber event" Due to a lack of sufficient information regarding the cause and impact, the cyberattack on Harrods at the same time has not yet been included. Nevertheless, the intrusions are thought to be the work of the infamous cybercrime group Scattered Spider (also known as UNC3944). This comes after the massive Indian consulting firm Tata Consultancy Services (TCS) revealed that neither its users nor its systems were compromised during the M&S attack.

The security breaches are expected to cost the two companies between £270 million ($363 million) and £440 million ($592 million) in total. The group, an offshoot of the larger cybercrime community known as The Com, has a history of using its English-speaking members to carry out sophisticated social engineering attacks in which they pretend to be IT department employees in order to gain unauthorized access. Additionally, it states that it has an internal team of journalists who can collaborate with the legal department to create blog entries and support victim negotiations.

It employs a novel tactic from the Qilin ransomware operation, which entails providing legal support to increase pressure during ransom talks. "The impact from this event is 'narrow and deep,' having significant implications for two companies, and knock-on effects for suppliers, partners, and service providers," the CMC stated. The Google Threat Intelligence Group (GTIG) disclosed earlier this week that major US insurance companies are being targeted by Sc scattered Spider actors.