Marks & Spencer Cyberattack: £300 Million Profit Hit and Ongoing Disruption
Marks & Spencer (M&S) is grappling with a significant cyberattack that has disrupted its operations and is projected to cost the retailer approximately £300 million in lost profits. The attack, which began over the Easter weekend, has primarily affected M&S's online services, with disruptions expected to continue into July.
How Did the M&S Hack Happen?
The cyberattack was executed through sophisticated social engineering techniques. Hackers, identified as the group "Scattered Spider," exploited vulnerabilities via a third-party supplier to gain access to M&S's systems. They obtained critical data, including the Windows domain controller's NTDS.dit file, allowing them to extract password hashes and infiltrate the network. This breach led to the deployment of ransomware, encrypting parts of M&S's infrastructure and causing widespread operational disruptions.
When Did the M&S Cyberattack Start?
Initial signs of the cyberattack emerged over the Easter weekend in April 2025. Customers reported issues with online payments and delays in receiving orders. M&S officially disclosed the cyber incident on April 21, 2025, acknowledging the breach and its impact on operations.
Financial Impact and Operational Disruption
The cyberattack has had a substantial financial impact on M&S. The company estimates a £300 million reduction in operating profits for the current year, primarily due to lost sales and increased operational costs. Online clothing and homeware sales have been heavily affected, with the suspension of online orders and the need to revert to manual processes for stock management. Additionally, the breach has compromised customer data, prompting regulatory investigations and raising concerns about data security.
Despite the challenges, M&S reported a 22% rise in pre-tax profits to £875.5 million for the year ending March 30, 2025. However, the ongoing disruptions have led to a decline in market capitalization, with shares dropping by 11% and over £1 billion wiped off the company's value according to The Guardian.
Response and Recovery Efforts
M&S has taken immediate steps to address the cyberattack, including accelerating planned IT system upgrades and implementing enhanced security measures. The company aims to reduce the financial impact through cost controls and insurance recoveries, although only £100 million is expected to be covered by cyber-insurance. CEO Stuart Machin emphasized the company's commitment to restoring operations and maintaining customer trust during this challenging period.