Marks & Spencer Anticipates $402 Million Profit Impact Due to Cybersecurity Incident
British retailer Marks & Spencer (M&S) is facing a substantial profit decline estimated to reach £300 million ($402 million) as a result of a recent cyberattack that disrupted its operations and sales significantly.
In a disclosure to the London Stock Exchange, M&S detailed the financial repercussions stemming from recovery efforts, system downtime, and substantial sales disruptions.
While investigations into the breach are ongoing, M&S has reported that its online retail platforms remain inoperative, with expectations for these disruptions to extend until at least July.
The retailer noted, “Since the incident, food sales have been negatively affected due to reduced product availability, although improvements are underway. We have incurred additional waste and logistics costs due to the necessity of manual processes, impacting our profits during the first quarter.”
In its Fashion, Home & Beauty sectors, online sales and trading profits have been significantly diminished following the decision to halt online shopping. However, brick-and-mortar stores have continued to show resilience. The company anticipates that online disruptions will persist through June and into July, which will subsequently lead to increased stock management expenses in the second quarter.
M&S has estimated that the gross impact on group operating profit for the fiscal year 2025/26 will be approximately £300 million, though this could be mitigated through cost management strategies, insurance, and other trading initiatives.
Targeting by Scattered Spider
The cyberattack on M&S has been associated with Scattered Spider, a group of cybercriminals known for targeting significant organizations across the globe. It was reported that, in the April ransomware incident, the attackers used a DragonForce encryptor that affected virtual machines on VMware ESXi hosts, causing considerable operational impact across the retailer’s 1,400 locations.
M&S has confirmed that the attackers managed to steal customer information before encrypting the company’s servers. Following this incident, the same attackers have been implicated in additional breaches affecting other British retail chains, all of which have been claimed by the DragonForce ransomware collective.
Co-op recently faced a separate cyber incident, leading to the compromise of data from numerous current and former members. In addition, Harrods experienced network intrusion attempts that forced it to restrict internet access to particular sites.
The UK National Cyber Security Centre (NCSC) has disseminated guidance aimed at bolstering cybersecurity measures among UK organizations, particularly in response to an increase in attacks by Scattered Spider. The NCSC has emphasized the importance of recognizing this wave of cyber threats as a crucial warning for organizations to enhance their defensive postures.
Notably, reports indicate that Scattered Spider has expanded its targeting to include retail chains in the United States.