- I tested a $49 OTC continuous glucose monitor for two weeks; it's not just for diabetics
- Open MPIC project defends against BGP attacks on certificate validation
- Netflix is cutting off older Fire TV devices in a few days - how to see if you're affected
- Why the argument for WFH could get a big boost from AI
- Oversharing online? 5 ways it makes you an easy target for cybercriminals
M&S Braces for £300 Million Cyber-Attack Costs
Marks & Spencer (M&S) estimates its ongoing cyber-incident to cost around £300m ($400m).
These costs will primarily be from lost sales, with the retailer forced to suspend online orders as part of efforts to mitigate the attack, which began in April 2025.
This has heavily impacted sales in its fashion, home and beauty range.
The firm also revealed that food sales have been impacted by reduced availability. It has incurred additional waste and logistics costs due to the need to operate manual processes.
M&S added that it does not expect online orders to resume until July, resulting in increased stock management costs in the second quarter of the financial year 2025/26.
The firm aims to reduce the impact on operating profit though management of costs, insurance and other trading actions. It is expected that costs directly relating to the incident will be presented separately as an adjusting item when it publishes its financial results for 25/26.
The new trading update related to the 52 weeks ended March 29, 2025, before the suspected ransomware attack took place.
M&S reported its highest pre-tax profits in over 15 years for the financial year 2023/24.
M&S Vows to Enhance Operational Resilience
The company said it aims to “make the most of the opportunity” provided by the disruption to accelerate plans to upgrade infrastructure and network connectivity, store and colleague technology and supply chain systems.
This is designed reduce the inter-dependency of systems and improve operational resilience.
M&S Chief Executive Stuart Machin described the incident as “bump in the road” and vowed that it would not impact the retailer’s growth strategy.
“It has been challenging, but it is a moment in time, and we are now focused on recovery, with the aim of exiting this period a much stronger business. There is no change to our strategy and our longer-term plans to reshape M&S for growth and, if anything, the incident allows us to accelerate the pace of change as we draw a line and move on,” Machin commented.
Ransomware’s Disruptive Impact
The M&S update did not give further details about the nature of the cyber-attack, which has been widely reported to have been perpetrated by the Scattered Spider ransomware group deploying DragonForce ransomware.
The firm’s expected losses highlight how ransomware attacks can cause significant financial impacts for victims, including recovery costs and loss revenue.
A report by the Ponemon Institute in January 2025 found that 58% of ransomware victims in 2024 were forced to shut down operations in order to recover, while 40% reported significant revenue losses as a result of the attack.
M&S revealed in an update on the cyber incident on May 13 that personal details of customers were stolen by the attackers.
This includes personal contact information and online order history, putting individuals at risk of follow-on social engineering attacks and financial fraud.
