Advice

Sep 23, 2025

Summer Cyberattacks 2025

Marks & Spencer: A Ransomware Attack Paralyzing E-Commerce

During the Easter weekend of 2025, Marks & Spencer was hit by a ransomware attack that disrupted online orders, click & collect pickups, and several payment terminals (BBC, Usine Digitale). The company estimates losses at €355 million, linked both to halted online sales (worth €4.5 million per day) and to remediation costs.

Investigators attributed the attack to the Scattered Spider gang, which allegedly exploited stolen credentials from a third-party provider to penetrate the network, before encrypting VMware ESXi servers. Three weeks later, M&S confirmed a data breach affecting customer names, addresses, and order histories, prompting class actions. The case highlights how dependence on suppliers and reliance on e-commerce heighten retailers’ exposure.

Jaguar Land Rover: Production Frozen

On August 31, 2025, Jaguar Land Rover suffered a major cyberattack that froze its industrial operations (Autojournal). Assembly lines were halted, while 40,000 already-produced vehicles became untraceable in internal databases. Analysts estimate daily losses of £5–10 million, which would amount to several hundred million if the shutdown continued.

Beyond factories, the entire supply chain was disrupted: suppliers, spare parts inventories, deliveries of both new and used vehicles. The incident underscores that industrial cybersecurity must cover not only operational technology (OT) systems but also logistics and ERP environments coordinating manufacturing and distribution.

Orange: Data Leaks in France and Belgium

At the end of July 2025, Orange suffered two separate incidents exposing sensitive data (Usine Digitale).

  • France: a gang named Warlock published about 4 GB of information on the dark web after exploiting limited access to Orange’s systems. While the stolen data appeared outdated or non-critical, the reputational impact was significant.

  • Belgium: subsidiary Orange Belgium detected unauthorized access to 850,000 customer accounts. Compromised details included names, phone numbers, SIM card numbers, and PUK codes. Even though no banking data was leaked, the operator was forced to alert its subscribers and reinforce authentication checks.

These cases illustrate how telecom operators, by the sheer volume of data they hold, remain prime targets for cybercriminal groups.

Bouygues Telecom: 6.4 Million Customer Accounts Exposed

On August 6, 2025, Bouygues Telecom announced that a cyberattack had compromised data from 6.4 million accounts (Le Monde). Stolen information included contact details, IBANs, and contractual data, though neither passwords nor credit card numbers were affected.

The operator warned victims about potential scams—fraudulent calls, phishing emails, or attempts to obtain banking details. Bouygues filed a complaint with authorities, notified the CNIL, and reinforced detection systems. This episode highlights the need for strong client-database protection through segmentation, encryption, and continuous monitoring to prevent massive exfiltration.

Air France-KLM: Vulnerability at a CRM Provider

In early August 2025, Air France-KLM confirmed a data leak from a third-party CRM tool used to manage customer relations (Le Monde). Exposed details included names, contact information, and request subjects—without passwords or payment data.

Investigations point to social engineering techniques: attackers allegedly impersonated IT support staff to steal credentials from CRM vendor employees, possibly linked to Salesforce, before exfiltrating customer databases. The case stresses the importance of vendor access management and environment segmentation when SaaS platforms host critical data.

Naval Group: A Reputation-Driven Attack

In summer 2025, Naval Group faced an alleged leak of 1 TB of technical documents, claimed by an individual calling themselves Neferpitou (Le Point). The files concerned FREMM and FDI frigates and nuclear submarines but carried no secret-defense markings.

Analysts suggest the incident was more informational than technical: the attacker shared the files on a public forum to damage the company’s image during strategic contract bids. This demonstrates how cybersecurity extends beyond technical safeguards to reputation management: manipulating even non-sensitive data can erode trust.

France Travail: 340,000 Job Seekers Affected

On July 23, 2025, France Travail disclosed that unauthorized access had exposed data on 340,000 registrants (Le Monde). Attackers compromised an external training organization’s account via an “infostealer” malware, enabling them to access names, addresses, IDs, and phone numbers.

Even without banking data leakage, France Travail had to trigger its crisis plan, notify affected individuals, and alert the CNIL. The case underscores the need for strict monitoring of connected third parties and shared environments.

Key Takeaways and the Role of Specialized Partners

Reviewing these attacks, from Marks & Spencer to France Travail, shows how cyberthreats have grown in scale, diversity, and financial impact. Ransomware paralyzing supply chains, massive data breaches, information warfare targeting reputations: each case illustrates the importance of proactive and integrated cybersecurity.

Three lessons stand out:

  1. Operational resilience is strategic
    Organizations must absorb incidents without prolonged downtime: redundancy, network segmentation, and regularly tested recovery procedures are non-negotiable.

  2. Third-party risk is critical
    Incidents at Jaguar Land Rover and Air France-KLM show that providers (IT outsourcers, SaaS vendors, subcontractors) are often the entry point. Regular audits, contractual safeguards, and access monitoring reduce the risk.

  3. Reputation is at stake
    The Naval Group episode and leaks at Orange demonstrate that the reputational damage of a breach can weigh as heavily as its technical impact. Crisis communication and governance are core elements of cybersecurity.

In this complex landscape, working with an experienced partner makes a decisive difference. IT services firms like Systelium support organizations in building tailored security strategies: audits, resilience planning, outsourced CISO governance, staff awareness programs, and regulatory compliance. With pragmatic methods and experts ready for both prevention and incident response, such partners help organizations anticipate threats and minimize losses.

In an era where every minute counts during an attack, having a tested, well-orchestrated security framework is no longer a luxury; it is a survival necessity and a competitive edge.

For any cybersecurity project, or to build a CISO Office or SOC on a budget, please contact us or book a meeting with our head of cybersecurity.
