M&s warns cyber attack chaos will last months and will wipe £300m off profits

MARKS & SPENCER SAYS IT HAS BEEN MANAGING A "HIGHLY SOPHISTICATED CYBER INCIDENT" - AND THAT ONLINE SALES MAY NOT RESUME UNTIL JULY 07:19, 21 May 2025Updated 08:07, 21 May 2025

Marks and Spencer has warned the cyber attack which has paralysed its online sales for a month could wipe around £300million off its annual profits and last until July. The huge hit - which

is before factoring in what it may get back through insurance - does not include the blow to takings. In its first update on timings, M&S says it expects online clothing and homewares

sales to continue to be impacted throughout June and into July as it restarts its operations. By then, it could be three months since the incident first occurred. While M&S has not given

details of the hit to sales, experts have estimated it is losing around £40million worth of takings for every week its online operation is crippled. Its online arm saw 'active'

customer numbers jump to over 10 million last year, with sales of £1.35billion. In an update, M&S said: "We expect online disruption to continue throughoutJune and into July as we

restart, then ramp up operations. This will also mean increased stock management costs in the second quarter." Article continues below Boss Stuart Machin said: "Over the last few

weeks, we have been managing a highly sophisticated and targeted cyber attack, which has led to a limited period of disruption. We have tackled this head on with incredible spirit, teamwork

and deep sense of responsibility as we prioritised serving our customers. "It has been challenging, but it is a moment in time, and we are now focused on recovery, with the aim of

exiting thisperiod a much stronger business. There is no change to our strategy and our longer-term plans to reshape M&S for growth and, if anything, the incident allows us to accelerate

the pace of change as we draw a line and move on." He went on: "Over the last 140 years, M&S has overcome many challenges - testament to the longevity of this brand. This

incident isa bump in the road, and we will come out of this in better shape, and continue our plan to reshape M&S for customers, colleagues and shareholders. "I would like to thank

all of our colleagues and supplier partners for their hard work and dedication and, importantly thank our customers. They have been unwavering in their support, and we are incredibly

grateful for their patience and trust in M&S.” It came as M&S revealed profits jumped 22.2% at £875.5million in the year to April - highest in over 15 years - but before the cyber

attack emerged. M&S’s online clothing sales have been paralysed since April 25. A message on its website reads: “As part of our proactive management of a cyber incident, we have made the

decision to pause taking orders via our M&S.com websites, apps and over the phone.” Days earlier - on April 22 - the company revealed it had suspended contactless payments in store

because of a “cyber incident”. They resumed soon after. Online has become an increasingly important to M&S - as for other retailers - and had more than nine million “active” customers

and almost £1.3billion of sales in its previous financial year. The saga has also hammered M&S’s reputation - and share price - just as it was recovering after many years of failed

overhauls. More than £1billion has been wiped off its stock market value since the attack was first revealed. Reports say M&S has been positively surprised by customers’ willingness to

shop in-store instead of online, although it is also nervous patience will run out. M&S is among a wave of companies struck by ransomware - a form of malicious software designed to

burrow into companies’ systems, steal commercially sensitive information, which is then locked, with crooks demanding their victims pay money before handing them the key. Neil Thacker,

global privacy and data protection officer at cybersecurity company Netskope, said M&S was right to take its time. “They want to get it right, (so) that they recover to a better state

than perhaps they were in previously,” he said. Shoppers have been warned another potentially crippling cyber attack on a British retailer is “inevitable”. Graeme Stewart, head of public

sector at security company Check Point, said attempted ‘ransomware’ attacks on UK retailers had surged in the past two months, with the sector going from the twelfth most targeted to fifth.

The top four, ominously, are all in the public sector, typically higher education, the NHS, local government and the Ministry of Defence. Asked if it was inevitable that another retailer

would fall prey to cyber attackers, Mr Stewart said: “Yes, because what happens with these sorts of things is that they come in waves.” Police are investigating the attack on the M&S, as

well as the Co-op and Harrords. The focus is a notorious group of hackers calling itself Scattered Spider, which is believed to include members - some in the UK - as young as 16. Article

continues below “We are looking at the group that is publicly known as Scattered Spider, but we’ve got a range of different hypotheses and we’ll follow the evidence to get to the offenders,”

Paul Foster, head of the NCA’s national cyber crime unit, said in a new BBC documentary. In light of all the damage that we’re seeing, catching whoever is behind these attacks is our top

priority,” he added.