M&S betting on customer patience as cyber-attack threatens to ruin 2025's strong start
Marks & Spencer was enjoying a strong start to 2025 thanks to a fashion revival and the warm spring weather. That has now been seriously undermined as the retailer scrambles to deal with disruption caused by a massive cyber-attack it first revealed a week ago.
At a time when M&S – alongside most major retailers – are pushing more automation on its customers and workers, industry insiders say the retailer's staff have been forced to return to pens, paper and clipboards to check stock in stores as internal systems have been put on hold.
Every second counts now, for M&S's bottom line and for its reputation. Shoppers report problems with the use of gift cards in stores while thousands of orders made on or after 23 April have been cancelled. On Monday, it emerged that the difficulties were now affecting Ocado, as M&S's deliveries of a small number of packaged foods to the online specialist it co-owns, were hit.
The cyber-attack first hit stores just over a week ago, with M&S pausing contactless payments and the collection of online orders last Tuesday. On Thursday, those systems mostly restarted but M&S halted all orders on its website – which accounts for just over a third of clothing and homewares sales – amounting to almost £3.8m a day.
As Patrick O'Brien, a retail analyst at GlobalData, says, cyber-attacks can have major consequences for businesses. 'This is one of the most damaging cyber-attacks on a major UK retailer we have seen, the worst since Carpetright last year, which tipped an already very weak retailer into administration,' he says.
M&S is a much stronger and larger business than Carpetright and not likely to be at risk of collapse, but the attack is having a direct impact on sales and as O'Brien says, the longer the disruption goes on, the more likely customers are to take their money elsewhere.
While most of the problems did not start until the later part of the Easter bank holiday, according to M&S, the attack cut off a run of buoyant trading. What M&S says was a separate incident also affected contactless payments in stores on the Saturday before Easter.
Before then, sales had jumped almost 9% in the three months to 30 March, according to industry analysts Kantar, well above the wider fashion industry, as it continued to win over shoppers.
M&S may derive some comfort from the fact that this is not happening during a peak trading period such as before Easter or Christmas, and Clive Black, M&S's house broker at Shore Capital, said he expected the retailer to recoup any losses resulting from the attack via insurance.
Sign up to Business Today
Get set for the working day – we'll point you to all the business news and analysis you need every morning
after newsletter promotion
'The financial impact will be a zero sum game,' he says. 'I don't believe there will be enduring damage unless they don't manage to fix it.'
'There will be Mr & Mrs Angry from Tunbridge Wells but most people can see in the last decade that M&S has materially improved as a business and there will be some sympathy. This is not something it brought on itself but a malevolent force.'
O'Brien agrees: 'Customers are surprisingly forgiving.'
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Western Telegraph
26 minutes ago
- Western Telegraph
Marks & Spencer reopens website for orders after major cyber attack
The retail giant said shoppers are now able to buy a selection of its best-selling fashion ranges and new products for home delivery to England, Scotland and Wales. In a statement published on social media, M&S managing director of clothing, home and beauty John Lyttle said: 'More of our fashion, home and beauty products will be added every day, and we will resume deliveries to Northern Ireland and Click and Collect in the coming weeks. 'Thank you sincerely for your support and for shopping with us.' M&S has reopened its website for online orders for the first time in over six weeks (M&S/PA) It followed a major cyber attack in April that has seen the group face heavy disruption. M&S halted orders on its website over the Easter weekend, and was also left with some empty shelves after being targeted by hackers. Customer personal data – which could have included names, email addresses, postal addresses and dates of birth – was also taken by hackers in the attack. M&S revealed last month that the hack was caused by 'human error', and would cost it around £300 million. Chief executive Stuart Machin said on reporting annual figures in May that hackers gained access to the company's IT systems through a third party. He said at the time: 'We didn't leave the door open, this wasn't anything to do with under-investment. 'Everyone is vulnerable. For us, we were unlucky on this particular day through some human error.' While its 565 stores have been able to remain open and trade throughout, contactless payments were impacted initially – while there was also some stock availability issues as it had to temporarily switch to manual processes following the attack. M&S said the incident is likely to drag its group operating profits down by around £300 million this year, but it expects this to be reduced through cost management, insurance and other reactions. The company suggested it could reduce the impact of the attack by as much as 'half'. Shares in M&S lifted 3% in Tuesday morning trading. The website has been open for browsing only since the hack, with the group confirming last month that online sales and profits in its fashion, home and beauty business have been 'heavily impacted' by the disruption. Mr Machin recently said the problems may not be fully resolved until July.
Rhyl Journal
28 minutes ago
- Rhyl Journal
Marks & Spencer reopens website for orders after major cyber attack
The retail giant said shoppers are now able to buy a selection of its best-selling fashion ranges and new products for home delivery to England, Scotland and Wales. In a statement published on social media, M&S managing director of clothing, home and beauty John Lyttle said: 'More of our fashion, home and beauty products will be added every day, and we will resume deliveries to Northern Ireland and Click and Collect in the coming weeks. 'Thank you sincerely for your support and for shopping with us.' It followed a major cyber attack in April that has seen the group face heavy disruption. M&S halted orders on its website over the Easter weekend, and was also left with some empty shelves after being targeted by hackers. Customer personal data – which could have included names, email addresses, postal addresses and dates of birth – was also taken by hackers in the attack. M&S revealed last month that the hack was caused by 'human error', and would cost it around £300 million. Chief executive Stuart Machin said on reporting annual figures in May that hackers gained access to the company's IT systems through a third party. He said at the time: 'We didn't leave the door open, this wasn't anything to do with under-investment. 'Everyone is vulnerable. For us, we were unlucky on this particular day through some human error.' While its 565 stores have been able to remain open and trade throughout, contactless payments were impacted initially – while there was also some stock availability issues as it had to temporarily switch to manual processes following the attack. M&S said the incident is likely to drag its group operating profits down by around £300 million this year, but it expects this to be reduced through cost management, insurance and other reactions. The company suggested it could reduce the impact of the attack by as much as 'half'. Shares in M&S lifted 3% in Tuesday morning trading. The website has been open for browsing only since the hack, with the group confirming last month that online sales and profits in its fashion, home and beauty business have been 'heavily impacted' by the disruption. Mr Machin recently said the problems may not be fully resolved until July.
South Wales Guardian
41 minutes ago
- South Wales Guardian
M&S online shopping to return after cyber attack shut down
M&S was hit by a major cyber attack back in April with hackers gaining access to the company's IT systems through a third party after 'human error'. Customer personal data, which could have included names, email addresses, postal addresses and dates of birth, was also taken by hackers. As a result of the cyber attack, M&S was forced to pause all online and app orders and temporarily lay off staff at its Castle Donington clothing and homewares logistics centre. Percy Pigs latest victim of M&S cyber attack by teen gang 🐷. Empty shelves - including some wines and beer too. M&S spokeswoman says that to manage the hack it took 'some systems offline' resulting in 'pockets of limited availability'. Stock isn't coming to stores M&S stores have also been left with empty shelves in the past month due to the attack. However, M&S shoppers received good news on Tuesday (June 10) morning, with the retailer revealing it will be bringing back online shopping "this week". In a post on social media, M&S said: "We are bringing back online shopping this week. RECOMMENDED READING: M&S hit by Percy Pig shortage following cyber attack as shoppers left in shock M&S 'truly sorry' as it pauses online and app orders following cyber attack M&S discontinues popular home range leaving shoppers 'devastated' Is M&S's new Dubai-style chocolate worth £8.50? I did a taste test to find out "A selection of our best selling fashion ranges will be available for home delivery to England, Scotland and Wales. "More of our fashion, home and beauty products will be added every day and we will resume deliveries to Northern Ireland and Click and Collect in the coming weeks. "Thank you sincerely for your support and for shopping with us."
