**Marks & Spencer Warns of Prolonged Disruption Following Major Cyber Attack**
Marks & Spencer (M&S), one of Britain’s best-known retailers, has issued a stark warning to customers and investors following a significant cyber security incident that has severely hampered its operations. The retailer disclosed on Wednesday that the fallout from the attack, which occurred in late April, could result in continued disruption to both its physical stores and its online services, potentially lasting into July.
Stuart Machin, the company’s Chief Executive, addressed customers directly, expressing gratitude for their patience whilst also sounding a note of caution. He reiterated that the company has suffered considerable operational difficulties, leading to empty shelves at some locations and a complete shutdown of online ordering since 25 April. The incident itself was reported three days earlier, on 22 April, highlighting the rapid escalation and impact of the breach.
Speaking to investors, Mr Machin explained that the repercussions extend well beyond customer inconvenience. He estimated the attack could wipe as much as £300 million off trading profits, illustrating the seriousness with which M&S is treating the ongoing disruption. Fashion, homeware, and beauty departments—sectors heavily reliant on online sales—have been notably affected, with both revenue and profit figures taking a sharp downturn during the recovery period.
The hack, believed to have been orchestrated by a group known as Scattered Spider—a group previously linked to high-profile breaches at other major UK retailers—has forced M&S to instigate wide-ranging changes in its operations. The company is reported to have been infiltrated via a third-party supplier, rather than through its own systems directly, an increasingly common vector in such large-scale attacks.
Following the event, M&S confirmed on 13 May that some customer data had been accessed by the attackers. While reassuring customers that full payment card details were not stored and thus were not obtained, the retailer admitted that names, addresses, contact information, dates of birth, and order histories could all have been compromised. For affected customers, this raises ongoing concerns about privacy and the potential long-term impact of the breach.
Mr Machin attributed the incident to a “human error” but declined to confirm whether any ransom demand had been met, maintaining that M&S’s priority has been to contain the threat and stabilise its systems. The company moved swiftly, working “around the clock with suppliers and partners” to address the breach, limit disruptions, and implement temporary manual processes to keep stores stocked. Despite these efforts, food supply in particular was affected, especially over the busy Easter weekend, resulting in sporadic shortages and increased wastage.
As part of its response, M&S said it is accelerating its digital transformation efforts, implementing new operating methods and innovative working practices born out of necessity. The retailer hopes that these enforced changes will leave it better equipped for the future, even as it grapples with the immediate fallout. “We are focused on recovery,” Mr Machin said, “with the aim of exiting this period a much stronger business.”
Prospects for the rest of the first half of the year remain uncertain, with online shopping likely to be impacted well into the summer months. M&S did, however, indicate that food stock levels are beginning to normalise, and reiterated its intention to restart online orders “within a matter of weeks”—though it stressed this recovery would be gradual.
The incident highlights the evolving cyber threats facing major retailers and the broader implications for customer trust and operational resilience. Both investors and shoppers will be watching closely as M&S works to restore full service and secure its systems against further breaches in an increasingly complex digital landscape.