Marks & Spencer faces $402 million profit hit after cyberattack

British retailer giant Marks & Spencer (M&S) is bracing for a potential profit hit of up to £300 million £300 million ($402 million) following a recent cyberattack that led to widespread operational and sales disruptions.

In a Wednesday filing with the London Stock Exchange, the company cited losses related to recovery efforts, systems downtime, and significant sales disruptions.

While the full scope of the breach is still under investigation, M&S has confirmed that online retail systems are still disabled and expects the disruptions to last at least until July.

"Since the incident, Food sales have been impacted by reduced availability, although this is already improving. We have also incurred additional waste and logistics costs, due to the need to operate manual processes, impacting profit in the first quarter," the company revealed.

"In Fashion, Home & Beauty, online sales and trading profit have been heavily impacted by the necessary decision to pause online shopping, however stores have remained resilient. We expect online disruption to continue throughout June and into July as we restart, then ramp up operations. This will also mean increased stock management costs in the second quarter," it added.

"Our current estimate before mitigation is an impact on Group operating profit of around £300m for 2025/26, which will be reduced through management of costs, insurance and other trading actions."

Scattered Spider targeting retail chains

BleepingComputer first reported that M&S was breached in an April ransomware attack where threat actors used a DragonForce encryptor to encrypt virtual machines on VMware ESXi hosts, leading to a significant impact on business operations on the retailer's 1,400 stores and forcing it to stop accepting online orders.

The attack was linked to the Scattered Spider, a collective of cybercriminals known for breaching high-profile organizations worldwide, and M&S later confirmed that the attackers stole customer data before encrypting the company's servers.

Since then, the same threat actors have been linked to two other attacks against British retail chains, with all three attacks being claimed by the DragonForce ransomware operation.

Co-op experienced another cyber incident and confirmed that the attackers stole data from many current and former members, while Harrods disclosed that it was forced to restrict internet access to sites after attackers tried to infiltrate its network.

The UK National Cyber Security Centre (NCSC) has also published guidance to help UK organizations strengthen their cybersecurity defenses since Scattered Spider began targeting UK retailers in April and has also cautioned that this wave of cyberattacks should be seen as a "wake-up call", given that any of them could become the next target.

Last week, Google warned that Scattered Spider threat actors are now also targeting retailers in the United States.

Source

Hope you enjoyed this news post.

Thank you for appreciating my time and effort posting news every day for many years.

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of April): 1,811

RIP Matrix | Farewell my friend