British retail giant Marks & Spencer (M&S) has announced that the highly sophisticated cyberattack it suffered in April will result in an estimated loss of £300 million ($403 million) in operating profit. The company said online disruption is expected to continue into July, marking one of the most significant retail cyber incidents in the UK in recent years.
The April 22 cyberattack forced M&S to suspend clothing and home orders on its website and app, causing widespread disruption to its food and fashion operations. The company, which employs 64,000 people and operates 565 stores, said some food shelves had gone bare, and it had temporarily reverted to pen-and-paper systems to manage logistics and inventory.
Food division recovers, but fashion and online sales remain hit
M&S noted that while food supplies have stabilised, its fashion, home, and beauty division continues to experience losses due to paused online sales. The company confirmed that restarting systems and ramping up operations will extend well into the summer.
Also read: Britain Urges Firms to Prioritize Cybersecurity After Attacks
In its statement, the retailer acknowledged increased food waste and logistical costs due to the incident. Despite these challenges, M&S said its physical retail stores remained resilient, helping cushion the impact.
Customer data breach and broader industry implications
The company also revealed that some personal customer data was compromised in the breach. The full extent of the data theft has not been publicly detailed, but the breach has added to growing concerns over cybersecurity in retail.
The attack on M&S follows similar incidents at Harrods, Co-op, and several global companies. Last week, Google disclosed that cyber attackers believed to be behind these hacks were also targeting firms in the United States, indicating a broader, coordinated threat across retail and tech sectors.
Leadership response and recovery outlook
M&S CEO Stuart Machin called the incident “a bump in the road” and affirmed that the company remains committed to transforming its operations. He praised customers for their continued patience and pledged to emerge stronger as systems are rebuilt and upgraded.
The incident has erased over £1 billion from M&S’s market value, highlighting the serious financial and reputational risks posed by cyberattacks to even the most established retail brands.
(This news was first reported by Reuters.)
