British retailer Marks & Spencer is facing long-term fallout after a sophisticated cyberattack disrupted operations and wiped out hundreds of millions in profit. Eye World can confirm that the incident, described by M&S executives as “highly targeted,” is expected to reduce operating profit by over £300 million ($403 million) in the financial year ending March 2026.
In response, M&S was forced to abandon digital systems, relying on manual processes to maintain food, clothing, and logistics flow. This led to significant supply chain challenges and empty shelves, frustrating consumers and damaging brand trust.
Digital Outage Persists as Recovery Takes Shape
The company’s online clothing division remains offline one month after the attack. CEO Stuart Machin stated that 85% of product lines should return online soon. Yet, full system restoration will likely extend through July.
While physical store sales held steady, the loss of online revenue—especially from clothing, beauty, and home categories—has significantly impacted overall performance. Higher waste levels and logistics costs in the food segment also added pressure. However, food sales began to stabilize last week.
Cybersecurity Misstep at Third-Party Vendor
M&S confirmed that attackers exploited human error at a third-party service provider using social engineering tactics. While the intrusion was detected quickly, the breach still allowed hackers to access sensitive systems and steal some personal customer data.
Despite the setback, executives maintain that the company had not underinvested in cyber security. “We didn’t leave the door open,” said Machin, emphasizing the quality of internal protocols and calling the event an unfortunate exception.
Investor Sentiment and Broader Industry Impact
Following the breach, M&S shares dipped nearly 9%, although they have partially recovered. Investor confidence remains cautious but stable, as analysts focus on the company’s underlying financial strength and ongoing transformation program.
M&S had previously reported its best adjusted pre-tax profit in over 15 years, up 22.2%, with food and clothing segments gaining market share. The timing of the attack was particularly unfortunate, as the business was mid-way through a high-performing fiscal year.
Retailers Face Growing Cyber Threats
This breach is part of a broader wave of ransomware and cyberattacks targeting UK institutions and global retail. Other major names such as the British Library, Co-op, Harrods, and even U.S. firms like Google have also suffered significant disruptions.
M&S plans to use this crisis as a springboard to modernize its tech infrastructure and strengthen cyber resilience. It also remains unclear whether a ransom was paid, though the focus remains on recovery and damage control.
