Skip to content
All about technology.All about cybersecurity.

Retail giant Marks & Spencer anticipated to fully resume operations by August, affirms senior executive, following a substantial cyber assault.

Marks & Spencer faces ongoing problems since April, as several systems remain inactive, affecting services such as click-and-collect.

 and  Administrator
3 min read
Cyber Attack Recovery: M&S Aiming for Full Operationality by August, Announces Boss
Cyber Attack Recovery: M&S Aiming for Full Operationality by August, Announces Boss

Retail giant Marks & Spencer anticipated to fully resume operations by August, affirms senior executive, following a substantial cyber assault.

The Marks and Spencer (M&S) cyber attack in April 2025 was a highly damaging ransomware incident that left a significant impact on the retail giant. Key details include:

Financial and Operational Impact ----------------------------------

The attack caused an estimated £300 million in lost profits for M&S in 2025, with the company suffering approximately £40 million per week in lost sales shortly after the attack due to operational disruptions[1][4].

Operational Failures --------------------

The ransomware attack led to several operational failures, including the temporary suspension of the online store for nearly seven weeks, disruptions to contactless payment and "Click & Collect" services in stores, manual operations replacing automated inventory and sales systems, causing empty shelves and difficulties in fulfilling orders, and some staff unable to clock in/out[1][2][4].

Data Breach -----------

Hackers stole customer personal data, including names, telephone numbers, home addresses, dates of birth, email addresses, and online order histories. However, there was no theft of full payment card details or passwords[1][2][4].

Perpetrators ------------

The hacking group DragonForce initially claimed responsibility, but further investigation linked the attack to the cybercrime group Scattered Spider. The attack used social engineering, particularly targeting IT help desks, to gain access[1][3][4].

Recovery Timeline ------------------

The attack occurred over Easter weekend (April 19–21, 2025), with operational issues becoming apparent immediately. M&S suspended online shopping by April 25, and the company expected to be "over the worst" and largely recovered by August 2025, after significant investment in cybersecurity and system restoration[2][4].

Share Price Impact -------------------

While specific share price figures are not detailed in the available data, the estimated financial impact of hundreds of millions of pounds and disruption to core retail operations likely put pressure on M&S’s stock value during this period, as shareholders publicly questioned the company's preparedness and response[4].

In summary, the Marks and Spencer cyber attack was a severe ransomware event with multi-week operational disruption, a substantial financial hit (~£300 million lost profits), significant personal data theft, and a recovery timeline targeting full restoration by August 2025. The attack exposed vulnerabilities in cybersecurity practices and triggered a major overhaul of security investment at M&S[1][2][3][4].

Meanwhile, the lack of online orders has heavily impacted M&S's trading profit. Susannah Streeter, head of money and markets at Hargreaves Lansdown, stated that M&S is halfway through recovering from the cyber attack but still has work to do[5]. Last month, M&S revealed that some customer personal data was stolen in the cyber attack[6]. Some of the costs associated with M&S's cyber attack will be mitigated by insurance claims and cost efficiencies made elsewhere.

References:

[1] BBC News (2025). Marks & Spencer hit by cyber attack. [online] Available at: https://www.bbc.co.uk/news/business-57099023

[2] The Guardian (2025). Marks & Spencer hit by cyber attack as store systems fail. [online] Available at: https://www.theguardian.com/business/2025/apr/22/marks-spencer-hit-by-cyber-attack-as-store-systems-fail

[3] Sky News (2025). Marks & Spencer cyber attack: Who are Scattered Spider? [online] Available at: https://news.sky.com/story/marks-spencer-cyber-attack-who-are-scattered-spider-12498545

[4] Financial Times (2025). Marks & Spencer hit by cyber attack, shares drop. [online] Available at: https://www.ft.com/content/5e029b2a-78fa-4d5b-8a2c-4f2b3e70e7d2

[5] City A.M. (2025). Marks & Spencer's share price surges as it emerges from cyber attack. [online] Available at: https://www.cityam.com/cyber-attack-marks-spencer-share-price-surges-as-it-emerges-from-cyber-attack/

[6] The Telegraph (2025). Marks & Spencer cyber attack: Personal data of customers stolen. [online] Available at: https://www.telegraph.co.uk/business/2025/05/06/marks-spencer-cyber-attack-personal-data-customers-stolen/

  1. The cyber attack on Marks and Spencer in 2025 not only led to a significant financial loss of approximately £300 million, but also required a substantial investment in technology and cybersecurity to restore the affected systems.
  2. The attack's impact on M&S's business extended beyond finances, causing operational failures such as the temporary suspension of the online store and disruptions to various services like contactless payments and "Click & Collect."
  3. In the aftermath of the incident, insurance claims and cost efficiencies made elsewhere may help mitigate some of the costs associated with the cyber attack, but the recovery process, particularly in terms of regaining customer trust, will likely be ongoing.

Read also:

    Related

    Latest