M&S Say Cyberattack Cost Them £300m In Profit As Disruption Continues
Marks & Spencer is facing serious fallout after a sophisticated cyberattack over Easter weekend disrupted operations and forced the retailer to shut down their online shopping. The attack, which the company believes came from the hacker group Scattered Spider, has cost M&S around £300 million in expected profits for this year. Online services are expected to remain disrupted as parts of the site remain down through June and going into July, with fashion, home, and beauty sales hit hardest. In-store food sales were also affected due to reduced availability and increased waste as the company temporarily returned to manual processes.
Chief Executive Stuart Machin confirmed that the hackers gained access through a third-party partner and used social engineering techniques, not just technical vulnerabilities. “We took our online system down ourselves to protect the website and customers,” he said. Despite the setback, Machin emphasized that “this incident is a bump in the road” and expressed confidence in the company’s recovery. M&S is now working to cut the financial damage through insurance and cost-saving efforts, while using the crisis to push ahead with its tech overhaul.
Before the breach, M&S had reported its best financial results in 15 years, with a 22% rise in pre-tax profit and sales growth across all divisions. But the hack has wiped over a billion pounds off its market value and spooked investors, with shares down over 13% since the attack. While customer payment data wasn’t stolen, personal information was accessed, raising concerns about potential fines from data regulators in the coming months.
