Overview
- Marks & Spencer estimates a £300 million hit to operating profits this year due to a ransomware attack, with efforts underway to mitigate losses through cost management and insurance claims.
- The cyberattack, linked to hacker groups DragonForce and Scattered Spider, led to the suspension of online orders, disrupted supply chains, and caused empty shelves in stores.
- Customer data, including names, emails, postal addresses, and dates of birth, was stolen, though payment details and passwords were not compromised.
- The company has reverted to manual processes, incurring additional costs, and expects online sales disruptions to continue through June and into July.
- UK cybersecurity and law enforcement agencies, including the National Crime Agency, are actively investigating the attack as similar incidents have also targeted other major retailers like Co-op and Harrods.