Finance
M&S' slow recovery from cyberattack puts it at risk of lasting damage
Published by Global Banking & Finance Review®
Posted on May 19, 2025
5 min readLast updated: January 23, 2026
Global Banking & Finance Review®
Company
Published by Global Banking & Finance Review®
Posted on May 19, 2025
5 min readLast updated: January 23, 2026
M&S is recovering from a cyberattack, prioritizing safety over speed. The attack has cost significant profits and risks long-term brand damage.
By James Davey and Sarah Young
LONDON (Reuters) -A month after a costly cyberattack on one of Britain's best known retailers, Marks & Spencer has yet to restore online shopping as it prioritises safety over speed, while retailers worldwide race to boost their defences.
The attack on the 141-year-old M&S, has likely already cost it over 60 million pounds ($80 million) in lost profit, according to analysts. It has also wiped over 1 billion pounds from M&S' stock market value.
Hackers have also hit the Co-op and Harrods in Britain, and Google said last week those responsible were targeting U.S. companies.
So far, M&S has been positively surprised by customers' willingness to shop in-store instead of online, one person with knowledge of M&S's response to the attack told Reuters, although it is also nervous patience will run out.
The person said systems were being brought back online every day, but that the company was prioritising safety over speed.
The person, who asked not to be named because of the sensitivity of the issue, did not know when online clothing ordering would resume.
M&S has said very little about the cyber incident that it disclosed on April 22.
Three days later it stopped taking clothing and home orders through its website and app, and it said last week some personal customer information was stolen in the hack.
Cyber analysts and retail executives said the company had been the victim of a ransomware attack, had refused to pay - following government advice - and was working to reinstall all of its computer systems.
An M&S spokesperson declined to comment on the cyberattack, saying the company has been advised not to.
As systems were taken offline, some clothing, home and food products became unavailable in stores.
By Thursday, M&S' stock forecasting system for food was operating again, restoring normal flows from distribution centres to stores. It said availability was "looking better every day".
Neil Thacker, global privacy and data protection officer at cybersecurity company Netskope, said M&S was right to take its time. "They want to get it right, (so) that they recover to a better state than perhaps they were in previously," he said.
SCATTERED SPIDER AND DRAGONFORCE
A hacking collective known as Scattered Spider that deploys ransomware from a group calling itself DragonForce, has been blamed in the media for the attack.
One source told Reuters that at least two Tata Consulting Services employees’ M&S logins were used as part of the breach.
TCS, which provides IT services to the retailer and manages its help desk, declined to comment.
Two chief executives of UK retailers, a former retail CEO and other retail and cyber industry sources told Reuters that all companies were urgently reviewing their security systems.
For M&S, which had traded strongly before the cyberattack, the concern will not only be lost business and stock market value, but the risk of lasting damage to a brand that YouGov ranked as Britain's best last year.
CUSTOMER FRUSTRATION
Tracey Woolf, a 62-year-old interior designer, said on Wednesday she was looking for trousers for her father at rival Next as she could not order them online from M&S and staff had been unable to say whether they were available in stores.
"I just think a big company like that, that's been going all those years, should be on it by now," she said outside a large M&S store in Stratford, east London.
M&S, which has about 64,000 staff and 565 stores, has declined to quantify the financial impact so far as it misses out on sales of new season ranges. Online sales usually contribute around one-third of clothing and home sales.
One UK retail CEO gave an insight into what M&S might be thinking. He told Reuters, M&S had likely believed it could restore data and rebuild its systems without incurring too big a financial hit. But a month in, that gamble was now "getting interesting".
He said the risk would be, if M&S now decided to pay the ransom, the hacker would know M&S is in trouble and could raise the price. And when dealing with criminals, there is no guarantee systems would be restored.
The retail CEO said he knew of one hacked UK retailer he did not name who paid a 10 million pound ransom and got systems back.
PROBLEMS MOUNT
As the crisis drags on, M&S' problems will mount.
Analysts said store staff had worked hard to keep the business trading, but morale would suffer unless management can give them some timescale for a return to normal business.
M&S may have also made commitments to brands that trade on its website that it may not be able to keep.
As of Tuesday, Investec analyst Kate Calvert estimated about 68 million pounds of online orders would have been lost and another 17 million pounds if online ordering is still down on May 21 when M&S reports annual results.
Given the need for M&S to revert to more manual processes, labour costs and food wastage costs are also likely to have jumped, and the group faces the prospect of a larger than normal end of season clothing sale with deeper discounts to clear stock, potentially damaging profit margins.
Analysts at Deutsche Bank estimate a profit hit run rate of about 15 million pounds a week. They said cyber insurance would likely cover most of the impact but that is generally time limited.
Other British retailers just hope they will not be the next.
"If it can happen to M&S, it can happen to anyone," Thacker said.
(Reporting by James Davey and Sarah Young; additional reporting by Raphael Satter; editing by Barbara Lewis)
The article discusses M&S's slow recovery from a cyberattack and its potential risks and impacts.
The hacking group Scattered Spider, using ransomware from DragonForce, is blamed for the attack.
The cyberattack has cost M&S over £60 million in lost profit and affected its stock market value.
Explore more articles in the Finance category
