Beginning around April 22, 2025, Scattered Spider (also tracked as UNC3944 and Octo Tempest) attacked Marks & Spencer, the UK’s largest clothing retailer, by socially engineering employees at TCS (Tata Consultancy Services), M&S’s IT outsourcing provider. Attackers obtained credentials and used NTLM hash relay attacks to access M&S’s internal Active Directory. DragonForce ransomware was deployed in late April 2025, causing widespread disruption to M&S’s online ordering, contactless payments, and supply chain systems. Online clothing orders were suspended for over three weeks. The breach affected customer data including names, email addresses, phone numbers, home addresses, and order history — though M&S stated payment data was not compromised. The attack caused an estimated £300M+ in lost sales and share price decline. Simultaneously part of the broader wave of Scattered Spider attacks on UK retailers in spring 2025.