British retail giant Marks & Spencer (M&S) says it expects to lose approximately £300 million ($403 million) in operating profit due to a “highly sophisticated and targeted cyberattack” that continues to disrupt its operations more than a month after it was first detected, as per Al Jazeera.
In a business update published Wednesday, the company revealed that the attack, which began around the Easter weekend, forced it to shut down online shopping for food, clothing, homeware, and beauty products, and severely impacted in-store operations. M&S warned that the disruption is likely to continue until July.
The attack, which hit one of the UK’s most recognisable high street brands, rendered M&S’s automated stock systems unusable, forcing staff to rely on manual processes to move billions of pounds worth of inventory. This led to widespread shortages on store shelves and left customers frustrated by delays and unavailable products.
The company’s large online clothing service remains offline, and its stock market value has dropped by more than £1 billion since the breach was reported.
“This incident is a bump in the road, and we will come out of this in better shape,” said M&S CEO Stuart Machin. He confirmed that the company is working urgently to restore full functionality but did not disclose the source or nature of the cyberattack.
Earlier this month, M&S disclosed that customer personal data may have been compromised in the attack. Information potentially accessed includes names, email addresses, physical addresses, and dates of birth. The company has yet to confirm the total number of affected customers.
The timing of the attack comes as M&S was gaining momentum from a turnaround strategy launched in 2022. Chairman Archie Norman acknowledged the setback, stating, “In business life, just as you think you’re onto a good streak, events have a way of putting you on your backside.”
M&S, which employs around 65,000 people and operates 565 stores across the UK, said it expects to recover some of the financial hit through insurance claims, cost-saving measures, and other initiatives
M&S is not the only British retailer targeted recently. High-end department store Harrods and supermarket chain Co-op were also reportedly hit by cyberattacks around the same time, raising concerns about a broader vulnerability in the UK retail sector.
