Marks & Spencer (MKS.L) is facing significant operational challenges following a damaging cyber attack that has left the retail giant unable to hire new workers. On Thursday, May 1, 2025, the company confirmed that it has pulled all online job advertisements from its website as tech experts work to resolve the ongoing issues with its systems.
A message on the company’s jobs website stated, “Sorry you can’t search or apply for roles right now, we’re working hard to be back online as soon as possible.” As of Thursday, there were no job listings available across the UK business, despite the company having over 200 job openings just a week prior.
Based in London, Marks & Spencer employs approximately 65,000 people across its head office and retail locations. A spokeswoman for the company remarked, “While we proactively manage the cyber incident, we are temporarily pausing some of our normal processes so we can continue to work hard on offering the best M&S for our customers and colleagues. Job adverts will be up again in due course.”
This incident marks a continuation of problems that began over a week ago when M&S’s IT systems were first hit by a major ransomware attack. The repercussions have been extensive; the retailer is still unable to take online orders, and the availability of certain products in its stores has been compromised as systems were taken offline in response to the attack.
M&S first reported issues during the Easter weekend, which included stopping click-and-collect orders and experiencing disruptions to contactless payments. Fortunately, contactless payments have since been restored, but the overall impact on operations has been significant.
In a related development, the Metropolitan Police confirmed on Wednesday, April 30, 2025, that it is investigating the cyber attack on M&S. This incident is part of a broader trend affecting the retail sector, as rival retailer The Co-op also faced challenges. On the same day, The Co-op announced it had shut off parts of its IT systems following an attempted hack, although it reassured customers that all stores, including grocery and funeral homes, were operating normally.
Reports from the BBC indicated that staff at The Co-op have been instructed to keep their cameras on and verify identities during remote work meetings as a precautionary measure.
Meanwhile, the UK's data protection authority, the Information Commissioner's Office (ICO), has decided not to pursue further investigation into the British Library's 2023 ransomware attack, which similarly highlighted vulnerabilities in cybersecurity practices. The ICO stated that it believes its resources would be better allocated elsewhere, despite the British Library's significant breach stemming from the lack of multi-factor authentication (MFA) on an admin account.
The ICO has provided guidance to the British Library following the incident, which has been praised for its transparent communication regarding the attack. In March 2024, the library published a comprehensive review of the cyber incident, detailing its IT weaknesses and the lessons learned, which have been commended by the ICO.
The ICO's statement included, “We commend the British Library for being open and transparent about its system vulnerabilities that contributed to the incident, the impact it has had, and the improvements made so far to protect people's personal information.”
Despite the ICO's commendation of the British Library's response, the organization itself is facing challenges. It recently reported missing its complaint response targets by the largest margin since tracking began. With current staffing levels, the ICO anticipates a further decline in performance, as it received more than 10,000 complaints during the most recent quarter, an increase of 746 compared to the previous three months.
The ICO aims to respond to all complaints within 90 days; however, only 12.3 percent of complaints from the latest quarter were thoroughly assessed. In response to these challenges, the ICO has confirmed that it is hiring for various roles and implementing significant digital and process changes to help alleviate the burden.
As both Marks & Spencer and the British Library navigate the aftermath of cyber attacks, the incidents underscore the critical need for robust cybersecurity measures across all sectors. The retail giant's ongoing struggle to recover from its ransomware attack, coupled with the ICO's resource constraints, highlights the increasing prevalence of cyber threats and the importance of proactive measures to safeguard sensitive information.
In summary, the operational disruptions at Marks & Spencer and the ICO's decision to forgo further investigation into the British Library's ransomware incident reflect a larger trend in cybersecurity vulnerabilities affecting organizations across the UK. As these institutions work to recover and improve their defenses, the implications for data protection and operational integrity remain significant.
