Listen to the article
British retailer Marks and Spencer has reported a devastating impact from a cyberattack earlier this year, with half-year profits plummeting by more than 55% after the incident crippled its online operations.
According to a statement released Wednesday, M&S saw its underlying pretax profits tumble to £184.1 million ($240 million) in the six months to September 27, compared to the same period last year. The dramatic decline was primarily due to a 40% collapse in online home and fashion sales after the company was forced to suspend website orders for approximately six weeks.
The cyberattack, which occurred around the Easter weekend, has been described as one of the most disruptive in British corporate history. M&S attributed the breach to “human error” but did not elaborate on specific security vulnerabilities that were exploited. The hack resulted in £324 million in lost sales, though the company was able to recover £100 million through an insurance payout.
Beyond immediate sales losses, the attack exposed customers’ personal data, potentially including names, email addresses, postal addresses, and dates of birth. The company’s logistics systems were severely disrupted, leading to empty shelves in stores and a complete halt to online operations.
“The first half of this year was an extraordinary moment in time for M&S,” said Stuart Machin, chief executive of the retailer. “We are now getting back on track.”
The fashion division bore the brunt of the damage, with overall sales down 16.4% in the first half of the year and online sales plummeting by 42.9%. While the company’s food business performed relatively well, helping to cushion some of the blow, the full financial impact of the attack is expected to reach approximately £136 million, including an additional £34 million in the final six months of the year.
M&S has been working to restore normal operations since the attack, resuming home deliveries in June and reactivating click-and-collect services in August. The company reports that online sales have been improving, with expectations that overall trading will fully recover by the end of its financial year. However, it acknowledged that the recovery has been slower in fashion, home, and beauty segments compared to its food business.
Market analysts have expressed concern about potential long-term consequences. Dan Coatsworth, head of markets at AJ Bell, described the situation as a “catastrophic summer” for M&S, noting that “its rivals made hay while the sun shone, with Next among the names luring customers away from M&S during the lengthy period of disruption.”
Coatsworth added that the slower recovery in clothing sales compared to food suggests “some people who tasted the flavors of rival retailers might not necessarily come back quickly,” raising questions about lasting damage to customer loyalty.
The attack on M&S is part of a concerning pattern affecting British retailers. Luxury department store Harrods and supermarket chain Co-op have also been targets of cyberattacks in recent months, though investigations are ongoing to determine whether these incidents are connected.
Cybersecurity experts, including those from the U.K.’s National Cyber Security Centre, have warned that generative artificial intelligence is accelerating cyber threats. They emphasize that businesses and individuals must remain vigilant, stay informed about evolving threats, and strengthen their defenses against increasingly sophisticated cyberattacks.
The M&S incident serves as a stark reminder of the substantial business risks posed by cybersecurity breaches in today’s digital retail landscape, where even temporary disruptions to online operations can have severe and lasting financial consequences.
Fact Checker
Verify the accuracy of this article using The Disinformation Commission analysis and real-time sources.
9 Comments
Cyberattacks are an unfortunate reality for businesses today, and the fallout can be severe. While the £100 million insurance payout helps, M&S is still facing massive losses from this incident. Strengthening their security should be a top priority to prevent future attacks.
Absolutely. Investing in robust cybersecurity is critical, especially for companies that rely heavily on online sales and customer data. M&S will need to thoroughly review their systems and implement best-in-class security measures to protect against future breaches.
This is a stark reminder of the importance of cybersecurity, especially for major retailers with substantial online operations. A 55% drop in profits is a huge financial hit – M&S will need to work hard to regain customer trust and rebuild their e-commerce capabilities.
Cybersecurity breaches can have devastating impacts on businesses, especially for retailers relying heavily on online sales. It’s concerning to see the scale of M&S’s losses from this incident. Hopefully they’ve taken steps to strengthen their systems and prevent future attacks.
You’re right, cyberattacks can be hugely disruptive. M&S will need to carefully review its security protocols and invest in robust cybersecurity measures to protect customer data and avoid similar disruptions going forward.
A 55% drop in profits is a significant blow for any business, especially a major retailer like M&S. Cyberattacks can be incredibly disruptive and costly. M&S will need to carefully review their security practices and invest in robust cybersecurity measures to prevent similar incidents in the future.
Agreed. Retailers like M&S hold a tremendous amount of customer data, so they need to have the highest levels of cybersecurity in place. Rebuilding customer trust after an attack like this will also be a major challenge for the company.
Cyberattacks can be devastating for businesses, especially those relying heavily on online sales. It’s unfortunate to see the scale of the financial impact on M&S – a 55% drop in profits is a huge setback. They’ll need to focus on strengthening their cybersecurity to prevent future incidents.
Concerning to see the huge impact this cyberattack had on M&S’s profits. Retailers need to be extremely vigilant about cybersecurity, as a breach can be devastating to both finances and customer trust. Hopefully M&S emerges from this incident stronger and more secure.