The recent ransomware attacks on M&S and other British retailers serve as a reminder – as if we needed one – of the ubiquitous nature of cyber crime, and the widespread disruption which it can cause to both businesses and individuals.

The BBC has reported that M&S began experiencing problems over the Easter weekend (the risk of cyber attack increases during public holidays) and that some of its operations, including online food ordering, remain offline some two weeks later.

The UK’s data regulator, the Information Commissioner’s Office, has confirmed that it is “making enquiries” with M&S, as well as the Co-op Group, which was also subject to recent attack. The ICO will be looking to establish whether the security measures employed by M&S and the Co-op were appropriate, or whether they contributed to the success of the attacks. If either entity is held to have breached its obligations under the UK GDPR, formal enforcement action may follow.

Following these incidents, the National Cyber Security Centre has published further recommendations for businesses on the steps they can take to improve their security position.

In addition to the impact on the companies targeted by the attack, individuals may also be affected where their personal data was exfiltrated by the attackers. As well as the loss of privacy, this can expose individuals to increased risk of identity theft or fraud.

These recent incidents reflect a number of the key themes and issues which we cover in our regular cyber blogs, which are available here:

Burness Paull’s leading cyber security, data protection and group litigation experts have significant experience in managing cyber security risks, including ransomware attacks, and best practices. Our team are on hand to support you on your cyber resilience journey, from implementing protective measures to handling a full-scale incident. Please get in touch with any of our team to discuss your needs.

Written by

Related News, Insights & Events

Navigating legal and compliance challenges in the energy sector: from environmental risks to workforce management

01/10/2025 - The Marcliffe Hotel (N Deeside Rd, Pitfodels, Aberdeen AB15 9YA)

Navigating legal and compliance challenges in the energy sector conference - we will cover environmental risks to workforce management

Arbitration Networking Breakfast

05/09/2025 - Burness Paull, Edinburgh office

Come join us with Herbert Smith Freehills Kramer for an internal networking event, coinciding with 'ArbFest'

The changing face of litigation and dispute resolution – A Mindful Business Charter event for legal professionals

03/09/2025 - Burness Paull Edinburgh office

This event will showcase and bring together various important initiatives that are seeking to rehumanise the way litigation and dispute resolution more generally is conducted

Want to hear more from us?

Subscribe here Subscribe here

Advice for the way we live our lives.

Burness Paull is known globally as the go-to Scottish law firm.

Guide: Doing Business in the UK

Legal insights

Summary of Employment Rights Bill implementation

Events

Data and the digital economy: Managing risk and making the most of opportunities

Topics

Welcome to Burness Paull.

Human and high-performing

Delivering real change for our clients, people and communities

Responsible business lies at the heart of our decision-making.

Firm news

Burness Paull invests to support sustainable growth as it embarks on new three-year strategy

We believe you’re not a tiny cog in a giant machine.

Vacancies

Looking for a workplace that will value your curiosity, passion, and desire to grow?

Don't settle for standard, help us set new ones.