U.K. department store chain Marks & Spencer said Wednesday that the cyberattack it disclosed in April will shave $400 million (300 million British pounds) off of its group operating profits and continue disrupting online transactions through July.
The company said the attack affected food sales because of reduced availability. Online sales and trading profits for fashion, home and beauty products have also suffered because of the company’s need to temporarily reduce online shopping services.
The company said department stores have remained resilient during the recovery process.
“April started strong, continuing the momentum from last year,” M&S CEO Stuart Machin said during a prerecorded presentation as part of the company’s fiscal-year earnings report. “Then, over the Easter break holiday, it became clear we were facing a highly sophisticated and targeted attack.”
Machin said the company proactively took down some of its systems, a step that resulted in short-term disruptions but was necessary to protect its systems, customers and partners.
M&S now plans to accelerate a technology improvement plan from a two-year time frame to a six-month time frame in light of the need to prevent another disruption.
The company in 2023 outlined plans to improve its technology stack, including investments in infrastructure, network connectivity, store technology and supply-chain systems.
The company said the 300-million-pound financial impact from the cyberattack reflected a preliminary tally before cost mitigation, insurance and trading actions.
Cybersecurity experts believe the M&S attack was the work of the notorious cybercrime gang Scattered Spider, a group best known for hacking MGM Resorts in 2023. The same hackers also breached the famed U.K. department store Harrods and the major U.K. supermarket company Co-op between mid-April and early May.
Google threat intelligence researchers have warned that the same group is now targeting U.S. retailers.
The financial fallout at M&S highlights the potential impact of ransomware attacks on business operations and finances.
“Time and time again, we see that business disruption is one of the most immediate and devastating effects cyberattacks can have,” Allie Mellen, principal analyst at Forrester, told Cybersecurity Dive via email.
“While no organization is immune to attack,” Mellen said, “taking fundamental steps ahead of time can help organizations prepare for and recover from this type of attack faster.”
Legal experts said the fallout from this attack may affect M&S for years.
“A challenge for any business dealing with a major breach is the opportunity cost created by the distraction from business as usual,” said Jo Joyce, a partner who co-leads the U.K. and Ireland cyber law practice at Taylor Wessing. “New initiatives and launches will be delayed or canceled, and the business will likely be significantly behind in its plans.”