British retailer Marks & Spencer said today that a “highly sophisticated cyber” attack would cost it about £300m in operating profit, with disruption set to run into July.
The attack on one of the biggest names in retailing, with 64,000 staff and 565 stores, sent shockwaves through the sector.
It forced its online clothing operation offline, left some food shelves bare, and wiped over £1 billion from the company’s stock market value.
M&S, which was trading strongly before the hack, said online disruption would continue throughout June and into July as it restarts systems and then ramps up operations.
It said its food division had been hit by reduced availability and higher costs due to waste and logistics as it was forced to return to pen and paper systems.
It said food supplies had since improved but its fashion, home and beauty division would continue to suffer as its online sales and trading profit had been heavily impacted by the decision to pause online shopping.
Stores “remained resilient”, it said.
Chief executive Stuart Machin said the retailer had overcome many challenges in the last 140 years.
“This incident is a bump in the road, and we will come out of this in better shape, and continue our plan to reshape M&S for customers, colleagues and shareholders,” he said.
Customers had been “unwavering in their support”, he said, and he was incredibly grateful for their patience and trust.
M&S disclosed the attack on April 22. Three days later it stopped taking clothing and home orders through its website and app.
It said last week that some personal customer information was also stolen in the hack.
With hackers having also hit the Co-op and Harrods in Britain, and Google saying last week those responsible were targeting US companies, retailers worldwide are racing to boost defences.
