British retail giant Marks & Spencer (M&S) announced that a “highly sophisticated” cyberattack will cost the company approximately £300 million ($403 million) in operating profit, with disruptions expected to persist into July.
The attack, which struck on April 22, has crippled M&S’s online clothing operations, led to empty food shelves in some stores, and erased over £1.2 billion from its stock market value, sending ripples of concern through the UK retail sector.
Chief Executive Stuart Machin described the incident as a “bump in the road,” expressing gratitude for customers’ unwavering support while emphasizing M&S’s resilience, built over its 140-year history.
Scope and Impact of the Cyberattack
The cyberattack, linked to the hacking group Scattered Spider, compromised M&S’s systems via a third-party contractor, with hackers operating undetected for approximately 52 hours before detection.
The breach forced M&S to halt online clothing and home orders, disrupt click-and-collect services, and revert to manual processes, significantly impacting its fashion, home, and beauty divisions.
Food supplies, initially hit by reduced availability and higher waste costs, have largely recovered, with distribution centers now operating at normal levels. However, the online platform remains offline, costing an estimated £4 million daily in lost sales, according to Bank of America analysts.
The attack also exposed personal data of up to 9.4 million active online users, including names, addresses, phone numbers, and order histories, though no usable payment details or passwords were compromised.
ALSO READ | Cyera Soars to $6 Billion Valuation in Latest Cybersecurity Funding Triumph.
Financial and Legal Fallout
M&S expects to offset some losses through cost-saving measures and a potential £100 million insurance payout, one of the largest in UK retail history.
Despite these efforts, the financial toll is significant, with Barclays analysts projecting a £200 million hit for the 2025/26 fiscal year.
The company’s share price dropped nearly 3.5% on Wednesday, following a £1.2 billion loss in market value since the attack’s disclosure.
Additionally, Scottish customers whose data was stolen are pursuing a multimillion-pound class-action lawsuit, further complicating M&S’s recovery.
CEO Stuart Machin faces a personal financial impact, potentially losing over £1.1 million in share plans and bonuses due to the share price decline.
Did You Know?
The hacking group Scattered Spider, suspected in the M&S attack, is known for sophisticated ransomware campaigns targeting retail and tech sectors, often exploiting third-party vulnerabilities.
Broader Retail Sector Implications
The M&S breach is part of a series of cyberattacks that have targeted UK retailers, including Co-op and Harrods, and reports indicate that hackers are now also targeting U.S. companies.
This has heightened industry-wide urgency to bolster cybersecurity, particularly as retailers rely increasingly on digital infrastructure.
The attack exposed vulnerabilities in third-party access points, prompting calls for stricter vendor security protocols.
Cybersecurity experts estimate M&S’s full recovery could take up to three years, highlighting the long-term risks to brand trust and customer loyalty.
Meanwhile, retailers globally are investing heavily in defenses, with some adopting AI-driven security tools to detect and mitigate threats in real time.
ALSO READ | Cybersecurity Summit 2025: Animal Kingdom Insights and Global Risk Strategies Unveiled
Customer and Operational Response
M&S has urged customers to stay vigilant for scams, recommending password changes and multi-factor authentication to protect accounts.
The retailer notified millions of Sparks rewards program members about the data breach, reassuring them that in-store operations remain resilient.
Some shoppers have noted an upside, with M&S applying generous discounts on products to manage excess stock caused by supply chain disruptions.
Despite these challenges, M&S reported strong performance before the attack, with analysts forecasting a 5% sales increase to £13.8 billion and a pre-tax profit of £840 million for the year ending March 31, 2025.
Comments (0)
Please sign in to leave a comment
No comments yet. Be the first to share your thoughts!