On 13 May 2025, the iconic British retailer Marks & Spencer confirmed that it had been the target of a major cyberattack. Customer names, contact details, dates of birth, and order histories were among the data stolen. Although payment details and passwords were not compromised, the attack caused substantial disruption to online operations and physical store stock levels.
The breach has been linked to Scattered Spider, a known threat actor group using sophisticated social engineering tactics. This type of manipulation, where attackers trick support staff into handing over credentials or resetting passwords, is increasingly common and devastatingly effective. These are precisely the skills and scenarios addressed in the Certified Ethical Hacker (CEH) course and the Beginner Cyber Security Package offered at Robust IT.
What Happened to M&S?
The attackers allegedly impersonated staff to reset internal access credentials, gaining backdoor entry to sensitive systems. The result? Supply chain delays, suspended online orders, and a dip in consumer confidence. With estimated losses topping £30 million in profit, the financial consequences are substantial.
This attack is a harsh wake-up call not just for M&S, but for any organisation without a mature cybersecurity posture. It also underscores the urgency for the UK workforce to address the cyber skills shortage.
Why Cybersecurity Skills Are in Demand
From healthcare and retail to government and finance, no sector is immune. The M&S breach is part of a larger trend of growing cybercrime, much of it preventable with trained personnel.
At Robust IT, our Cybersecurity Career Pathway is designed to equip individuals with hands-on training and internationally recognised certifications such as:
- CompTIA Security+
- SC-900 Microsoft Security, Compliance, and Identity Fundamentals
- Certified Network Defender (CND)
- Cisco CyberOps Associate
These programs teach proactive monitoring, incident response, identity management, and cloud security — all vital components of modern defence.
What is Social Engineering?
The key method used in the M&S breach, social engineering is the psychological manipulation of people into performing actions or divulging confidential information. This is not a new threat, but it is evolving.
The Computer Hacking Forensic Investigator (CHFI) course provides deep dives into analysing breaches, collecting legal digital evidence, and understanding attacker behaviour. For aspiring cyber professionals, these skills are invaluable.
Business Impact and Regulatory Risk
Under GDPR, data breaches of this nature can lead to massive fines and reputational damage. As a result, there is a growing demand for roles such as:
- Security Operations Analyst
- Information Protection Administrator
- Identity and Access Administrator
All of these are covered in our Security Analyst pathway, and courses such as Microsoft Certified Security Operations Analyst Associate.
Weekly Cybersecurity Webinars (Free to Attend)
To raise awareness and provide insights, Robust IT hosts free cybersecurity webinars every Wednesday at 6:15 PM. Sign up at cyber-webinar.com and learn how to break into the field, improve your security posture, and build a new career.
Ready to Upskill?
Whether you’re new to tech or already in IT, there’s never been a better time to explore a Cybersecurity Training Bundle. We also offer dedicated support for ELCAS learners and corporate enquiries.
Browse all our cybersecurity certifications or get career advice personalised to your background.
Don’t wait for the next breach to take action. Start your cybersecurity journey today.