October 2025 brought disruptions across cloud infrastructure and retail sectors, exposing vulnerabilities in enterprise IT systems.

AWS Outage

Amazon Web Services experienced its second outage in October 2025, affecting hundreds of websites and applications worldwide. The incident emerged from DNS resolution failures that prevented proper routing of traffic to AWS services.

Protect Your Data with BDRShield

Cost-Effective Backup Solution for VMs, Servers, Endpoints, Cloud VMs & SaaS applications. Supports On-Premise, Remote, Hybrid and Cloud Backup, including Disaster Recovery, Ransomware Defense & more!

Services Affected: Core services including EC2, S3, and DynamoDB were affected. These services form the core of countless websites and applications, making the impact widespread.

Root Cause: DNS resolution failures prevented access to cloud resources. Traffic could not be properly routed to AWS infrastructure, which stopped the access for businesses that depend on these services.

Business Impact: Companies relying on AWS faced downtime that resulted in lost revenue and disrupted customer experience.

Download Banner

The incident showed how dependent companies are on centralized cloud systems.

Key Takeaways:

  • Two outages in a month show the risk of relying on a single cloud provider
  • Companies should adopt multi-cloud or failover strategies to reduce risk
  • Regular disaster recovery tests help ensure business continuity
  • Service level agreements (SLAs) should be reviewed for clarity on compensation and accountability

Microsoft Azure Outage

On October 29, 2025, Microsoft experienced an outage affecting Azure, Microsoft 365, and authentication systems. The disruption occurred hours before the company’s quarterly earnings announcement.

Services Impacted: Azure cloud services, Microsoft 365 productivity tools, and authentication systems were all affected. Consumer platforms including Xbox and Minecraft also experienced disruptions. Organizations using Azure for authentication services could not access business applications.

Root Cause: The outage was traced to a DNS failure linked to a software defect in the Azure Front Door configuration deployment process. This defect cascaded across Microsoft’s ecosystem, affecting both enterprise and consumer platforms.

Microsoft’s Response: The company reverted to stable configurations to restore services. All further deployments were halted immediately to prevent recurrence. The incident response showed the importance of having rollback procedures in place.

Marks & Spencer Ransomware Attack

In April 2025, Marks & Spencer suffered a ransomware attack that disrupted both in-store and online operations. The financial impact was estimated between £270 million and £440 million.

Attack Details: The breach involved impersonation techniques that exploited third-party Marks & Spencer Ransomware Attack

In April 2025, Marks & Spencer was hit by a ransomware attack that disrupted in-store and online operations. Estimated losses were £270 million – £440 million.

How it happened: Attackers used impersonation techniques to exploit third-party access in M&S’s vendor network.

The TCS Contract Situation: In July 2025, M&S ended its IT service desk contract with Tata Consultancy Services (TCS). This decision sparked speculation about a connection to the cyberattack. However, both companies clarified the situation.

The contract termination followed a competitive procurement process that began in January 2025, before the cyberattack occurred. The decision was not directly linked to the security breach. Internal investigations cleared TCS of any involvement in the attack. TCS does not provide cybersecurity services to M&S, which uses a different partner for security. The broader partnership between M&S and TCS continues across other IT and technology services.

Impact: Stores and websites went offline, transactions failed, and inventory systems were disrupted.

Third-party risk: The breach showed how attackers now target vendor relationships to gain access.

Key actions for organizations:

  • Strengthen vendor access controls and monitor them continuously
  • Conduct regular vendor security assessments
  • Use strong identity verification for all external users
  • Ensure tight coordination between IT and cybersecurity vendors
  • Maintain cyber insurance and financial reserves for recovery

What These Incidents Tell Us

1. Cloud Dependency

The AWS and Azure incidents prove that even top providers can fail. Businesses should:

  • Use multiple cloud providers to spread risk
  • Keep hybrid or on-premises backups
  • Build geographic redundancy and clear communication plans
  • Leverage independent backup solutions to ensure data availability

2. Third-Party Security

The M&S case shows the danger of vendor vulnerabilities. Organizations need to:

  • Perform security checks at the start and throughout vendor contracts
  • Continuously monitor vendor access
  • Include clear security obligations in contracts
  • Audit and test vendor systems often
  • Coordinate incident response across all partners

3. Defense in Depth

No single control can stop every threat. Strong protection includes:

  • Multi-factor authentication (MFA) everywhere
  • Zero-trust architecture principles
  • Network segmentation to limit attack spread
  • Security awareness training for employees
  • Advanced threat detection and response tools

How Third-Party Backup Reduces Downtime

Outages and ransomware incidents show that even trusted providers and systems can fail. A third-party backup solution can drastically reduce downtime and data loss by:

  • Providing independent data copies outside your main cloud provider’s environment
  • Enabling quick restores when cloud services go down or data is deleted accidentally
  • Offering granular recovery for specific files, mailboxes, or applications without waiting for the provider’s fix
  • Supporting cross-cloud recovery, so operations can continue even if one platform fails
  • Ensuring compliance and data retention independent of service provider outages

In short, third-party backup acts as a safety net, ensuring business continuity even when primary systems fail.

cybersecurity and data resilience are fundamental to business survival. Whether managing cloud infrastructure, retail operations, or any digital service, these lessons demand attention and action.

Experience next-level data resilience with BDRShield, a cloud-managed hybrid backup solution designed for modern organizations. With built-in cyber resilience, AI-driven monitoring, and automated failover, BDRShield ensures your critical data is always protected, recoverable, and compliant. Try for free and safeguard your operations before disaster strikes.

Follow our Twitter and Facebook feeds for new releases, updates, insightful posts and more.

Rate this post