Cyberattack ate up profits for first half of year, retailer M&S says

The cyberattack on the British retailer Marks & Spencer (M&S) caused profits at the company to plunge to £3.4 million pounds ($4.4 million) in the first half of 2025 — down from £391.1 million ($510 million) during the same period a year ago.

“The first half of this year was an extraordinary moment in time for M&S,” said CEO Stuart Machin, who said the company is “getting back on track” after a cyberattack in April that disrupted online sales for months. The company previously predicted its profits would take a £300 million ($395 million) hit from the incident. 

After discovering the cyberattack, the company disconnected its warehouse management systems and online ordering. Home delivery orders resumed in June and “click and collect” — whereby customers order goods online for pickup — was restored in August, the company said. 

“Practically all operational systems have now been recovered,” the company said in its earnings report. 

M&S said Wednesday that an £100 million ($130.4 million) insurance payment helped to soften the revenue blow. 

The incident — part of a cluster of costly cyberattacks targeting prominent British retailers — is believed to be linked to the Scattered Spider hacking collective. Four people, including one teenage minor, were arrested in July in connection to hacks on Co-op, Harrods and M&S.

Other U.K. clothing retailers have benefited from M&S’s struggles, including Next, which last week reported a 7.6% rise in sales in part due to “competitor disruption.”