M&S profits plunge after costly cyberattack
A cyberattack forced M&S to halt online orders, disrupted logistics and exposed customer data. The retailer has restored services and says full operational recovery is on track.
Marks & Spencer says a major cyberattack around Easter forced it to shut its website to orders for about six weeks, disrupting logistics, emptying shelves and sending customers to rivals. The breach also exposed personal data, including names, email and postal addresses, and dates of birth.
The incident was traced to ‘human error’, according to chief executive Stuart Machin. M&S estimated the attack cost around £324 million in lost sales, partly offset by a £100 million insurance payout, and expects a total profit impact of about £136 million for the year.
Home delivery restarted in June, while click and collect returned in August, but fashion, home and beauty recovered more slowly than food as the retailer rebuilt systems and worked through backlogs. M&S says online trading has steadily improved and it expects operations to be fully restored by year-end.
The company has pledged tighter security controls and processes following the attack, which highlighted the vulnerability of retail supply chains to cyber incidents. The attack comes amid a surge in cyber incidents targeting UK retailers, including recent campaigns where hackers posed as IT staff to breach corporate networks.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!