M&S Warns Major Cyber-Attack Could Cost £300m and Last Until July

_{Photo Credit: RiuWvn OPimoza 0311 via Wikimedia}

The UK’s biggest clothing retailer, Marks & Spencer (M&S), has warned that a recent ransomware attack could reduce its operating profit by approximately £300 million, with disruptions expected to continue into July. 

The attack is attributed to the hacking group ‘Scattered Spider’, which extorted the US casino giants Caesars Entertainment and MGM International in 2023. The cyber attack has caused significant disruption to M&S, forcing it to suspend online orders. Deliveries to its stores have also been disrupted, including those to its partner Ocado. 

Customer data, including names, addresses, dates of birth, and order histories, was also compromised during the breach. Usable card details and passwords, however, were not accessed.

Despite this significant cost, M&S reported a 22% increase in pre-tax profits to £876 million for the year ending 30 March 2025, with sales up 6% to £13.9 billion. The company stated it was in strong financial health before the attack in late April 2025, holding over £400 million in net funds.

The attack highlights the increasing threat of cybercrime in retail, with other notable British retailers like Co-op and Harrods also recently targeted in similar attacks.