Marks & Spencer has revealed that its online services will continue to experience disruption until July, following a cyber-attack last month. Customers have encountered difficulties placing online orders for nearly a month.
The retailer stated, “We anticipate that online disruptions will persist throughout June and into July as we gradually restart and scale up our operations.” The company estimates that the cyber-attack will result in a profit reduction of approximately £300 million for the current financial year, exceeding analysts’ previous forecasts and equating to a 30% drop in profits.
Stuart Machin, Chief Executive of M&S, commented, “In recent weeks, we have been dealing with a highly sophisticated and targeted cyber-attack, which has caused a period of disruption.” The attack took place over Easter, initially affecting click-and-collect services and contactless payments. M&S subsequently posted a notice on its website apologising for the unavailability of online ordering.
The ransomware attack is believed to have been carried out by a loosely affiliated group of cyber criminals known as Scattered Spider, who utilised tools from the cyber-crime service Dragon. This same group is suspected of targeting other retailers, including the Co-op and Harrods; however, M&S, a longstanding fixture on the British high street, has suffered the most significant consequences.
Mr Machin remarked, “This incident is merely a bump in the road; we will emerge from it stronger and continue our mission to transform M&S for our customers, colleagues, and shareholders.” M&S is currently three years into a turnaround plan initiated when Mr Machin became Chief Executive in 2022. This strategy involves refreshing in-store product ranges, updating the chain’s property portfolio, and overhauling digital technology and back-office systems.
According to Mr Machin, the strategy had placed M&S in its “best financial health for nearly three decades,” delivering results for the financial year ending in March, just before the cyber-attack disrupted operations at the end of April. M&S reported a 22% increase in profit before tax and adjusting items, reaching £875 million, with sales rising by 6.1%.
Mr Machin emphasised that the cyber-attack has highlighted “new and innovative ways of working.” He added, “If anything, this incident allows us to accelerate our transformation as we move forward.”
However, the attack will also affect M&S’s profits for the current financial year, as food sales were impacted by limited availability. In the fashion, home, and beauty categories, online sales were lost due to the suspension of online ordering. Additionally, increased waste and logistics costs, including a temporary return to manual processes, have further affected profitability.
While insurance is expected to cover roughly a third of the associated costs, there may be further expenses, including potential fines for data loss, legal action, and measures to protect the business from future attacks.
