The £300m cyber attack: M&S warns of huge hit to profits after hack halted orders on website and caused empty shelves

21 May 2025, 07:34 | Updated: 21 May 2025, 09:51

Marks and Spencer has said disruption from a major cyber attack is expected to continue through to July and reduce operating profits by around £300 million before action to offset the hit.

The high street giant halted orders on its website and saw empty shelves after being targeted by hackers around the Easter weekend.

A hacking collective dubbed 'Scattered Spider' have been reported to be behind the attack. The attackers allegedly got into M&S’s IT systems via a contractor.

The retailer revealed on Wednesday morning that online sales and profits in its fashion, home and beauty business have been “heavily impacted”.

Meanwhile, food sales were affected by reduced availability but the business stressed this is “already improving”.

M&S said the incident is expected to drag its group operating profits down by around £300 million this year, but expects this to be reduced through cost management, insurance and other reactions.

Who are hacking group Scattered Spider?

A collective group of cyber attackers, Scattered Spider have gained themselves quite a reputation in the hacking world and are even linked to system attacks on other huge companies such as MGM Resorts and US casino brand Caesars, costing them millions.

Scattered Spider are said to be a cybercriminal group who typically targets large companies and their IT desks.

Also known as Octo Tempest, they are thought to be unusual because they are English and American, with many groups like this typically being based in Russia.

Previous Scattered Spider findings have said participants in this group are surprisingly young, in their mid-20s, with some as young as 16.

Chief executive Stuart Machin said: “It has been challenging, but it is a moment in time, and we are now focused on recovery, with the aim of exiting this period a much stronger business.

“There is no change to our strategy and our longer-term plans to reshape M&S for growth and, if anything, the incident allows us to accelerate the pace of change as we draw a line and move on.”

Earlier this week it was reported that Mr Machin, who has been leading a turnaround at the clothing and food chain, could have more than £1 million cut from his annual pay package after the cyberattack wiped about 14 per cent from the company’s share price.

The hack which caused Marks & Spencer to halt online sales for five days has been linked to a 'teenage hacking' group.

Mr Machin said previously: "We are working day and night to manage the current cyber incident and get things back to normal for you as quickly as possible."

He thanked customers for "all the support you have shown us".

Read more: Marks and Spencer confirms 67 stores will shut over next five years as part of a major overhaul

Read more: Police investigate Marks & Spencer cyber attack as chaos left shelves bare and online sales halted

M&S shares plunged almost 2% on Friday morning, and are now down about 5% from the instance when the firm first disclosed its IT systems had been affected.

As it stands, the cyber attack is still causing huge waves of devastation across the company with no signs of their digital shopping returning to business. Orders and returns online are currently suspended.

Returns are also impacted by the cyber attack with customers told to head to their local stores and find the designated till to return items. You can also return via the post.

Marks and Spencer's Food Hall are currently not accepting returns. Anyone with a gift card will also be unable to use them until matters are resolved.

The Metropolitan Police is investigating the cyber attack, which is believed to have been carried out by a hacking group known as Scattered Spider.

M&S is not the only retailer to have been targeted by hackers in recent days, with Co-op and Harrods also coming under threat.