Marks & Spencer is still reeling from a major ransomware attack that could cost the iconic UK retailer up to $400 million. The company now warns that the impact of the cyberattack may continue to disrupt operations well into July, with online shopping still down and mounting losses across key departments.
In an update filed with the London Stock Exchange, M&S said the financial fallout from the breach could cut £300 million (around $400 million) from its operating profits over the course of 2025 and 2026. However, the company hopes to reduce that number through cost management, insurance claims, and other trading strategies.
The attack has caused widespread operational issues. With over 60,000 employees and 500 stores, M&S has been forced to revert to manual systems across parts of its operations. The result? Food sales have suffered due to limited availability, while extra waste and higher logistics costs are weighing on Q1 profits.
Although physical stores selling fashion, beauty, and home goods have remained open, the company’s online shopping platform has been brought to a standstill. That digital disruption is expected to stretch across June and possibly into July, with stock management costs expected to rise in Q2 as a result.
Behind the scenes, a ransomware gang known as DragonForce has claimed responsibility for the attack—not just on M&S, but also on fellow UK retailers Harrods and Co-op. Google recently flagged the same group as now targeting retailers in the US, signaling a wider threat in the retail sector.
M&S has confirmed that sensitive customer data has been compromised. The stolen information includes names, home and email addresses, phone numbers, dates of birth, order history, and even partial payment card details—raising serious concerns about potential identity theft and fraud.
The breach originated through social engineering tactics aimed at employees of a third-party contractor. Sources told Reuters the contractor was Tata Consultancy Services, although neither Tata nor M&S has officially confirmed this.
So far, there’s no word on whether a ransom was paid. The company has remained tight-lipped about the attackers’ demands or negotiations, if any.
As M&S battles to regain control, the incident is a stark reminder of how deeply a ransomware attack can shake even the most established retailers. From digital sales freezes to reputational risk, the price of cyber insecurity keeps climbing.