Marks & Spencer (M&S) has revealed that the impact of a recent cyber-attack will continue to disrupt its online services until July, nearly two months after the initial breach. The company confirmed that customers have been unable to place online orders for almost a month, and that the ongoing disruption will result in a substantial £300 million hit to its profits representing a 30% dent, far worse than analysts had anticipated.
The ransomware attack, which occurred over the Easter weekend, targeted the company’s digital infrastructure, initially affecting its click-and-collect and contactless payment systems. It was later linked to a cyber-crime collective known as Scattered Spider, which is believed to have used illicit tools from the service DragonForce. The group has also been linked to similar attacks on Co-op and Harrods.
In a statement, M&S CEO Stuart Machin described the cyber-attack as “highly sophisticated and targeted,” but reassured stakeholders that it was only a temporary setback. “This incident is a bump in the road, and we will come out of this in better shape,” he said.
The cyber breach has stalled operations at a critical time for M&S, which is currently undergoing a transformation strategy that began in 2022 under Machin’s leadership. The turnaround includes modernising its product offerings, revamping store properties, and upgrading its digital and back-office systems. Prior to the attack, M&S reported a robust 22% rise in pre-tax profit to £875 million and a 6.1% growth in sales for the financial year ending March 2025.
Despite the positive trajectory, the attack has exposed vulnerabilities. Food sales were hit by reduced availability, while fashion, home, and beauty segments suffered due to the suspension of online orders. Logistics costs soared as manual systems were temporarily reintroduced.
While insurance may cover up to a third of the losses, M&S faces potential further costs including regulatory fines, legal challenges, and the price of enhancing its cybersecurity. Still, Machin remains optimistic, stating the attack has revealed “new and innovative ways of working” and could accelerate digital transformation.
