M&S aims for full online restoration within four weeks following major cyber attack
The retailer’s CEO has set an August deadline to resolve the bulk of issues from the £300 million breach
Marks & Spencer (M&S) expects its online operations to be fully restored within the next four weeks as the retailer continues its recovery from a major cyber attack in April.
Speaking at the company’s annual general meeting, CEO Stuart Machin said the company hopes to have the “vast majority” of the incident’s impact resolved by August, the BBC reported.
The attack, which the company has attributed to “human error” and estimated will cost around £300 million in lost profit, forced M&S to halt online sales and has significantly disrupted its supply chain, including operations at its key Castle Donington distribution centre. The breach also resulted in the theft of customer personal data.
The announcement is the latest step in a multi-month recovery process. As ITPro has reported, the crisis first unfolded in April when M&S was forced to suspend all online orders.
M&S later confirmed in May that customer personal data had been compromised, linking the breach to a supply chain partner. By June, the full financial scale of the incident was revealed, with the warning of a £300 million profit hit and continued operational disruption.
While the main e-commerce site for Great Britain has partially resumed service, key functions like click-and-collect and next-day delivery remain offline.
The recovery timeline provides a critical update for a breach that has had a sustained operational and financial impact on one of the UK’s best-known retailers.
M&S fallout may continue beyond planned restoration date
Julius Cerniauskas, CEO of web intelligence firm Oxylabs, told ITPro that the incident highlights the persistent threat of social engineering.
“Investment alone isn’t a silver bullet," he said. "Attackers are constantly evolving their techniques, and social engineering – tricking people rather than systems – is still one of the most effective entry points.”
Cerniauskas noted that while a full operational recovery by August would be a “solid achievement,” the business impact can continue long after technical systems are restored.
"It’s not a question of if you'll be targeted - but when,” he added.
The fallout from the incident may also affect executive remuneration. According to reports from the Evening Standard, chairman Archie Norman confirmed that any drop in performance caused by the attack "will be taken into account with regards to incentive pay".
Norman added that the recovery is progressing, with "new systems coming back" each week.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
AI adoption rates aren’t matching IT hypeNews The appetite for AI is there, but a range of issues are hampering adoption
-
Barracuda targets channel growth with partner program revampNews The refreshed channel initiative introduces new incentives, tools, and unified tiering to help partners drive growth and profitability.
-
Interpol teams up with tech firms to seize 45,000 malicious IPs, servers in global cyber crime crackdownNews Operation Synergia III saw 94 arrests - and counting - with malicious IP addresses used in phishing and fraud schemes seized
-
The rise of teen hackers ‘makes for a good headline’, but cyber crime activities peak later in lifeNews With family responsibilities and mortgages to pay, it's not teenagers dishing out malware or carrying out cyber extortion
-
Cloudflare warns state-backed hackers are ‘weaponizing legitimate enterprise ecosystems’ as ‘living off the land’ attacks surge
News Chinese, North Korean, and Russian-backed threat groups now favor longer-term compromises over brute force attacks
-
DIY hackers are turning to ‘flat-pack’ malware components to speed up attacks and cut costsNews While these malware campaigns are very basic, researchers noted “they still work”
-
Security expert warns Salt Typhoon is becoming 'more dangerous' after Norwegian authorities lift lid on critical infrastructure hacking campaignNews The Chinese state-backed hacking group has waged successful espionage campaigns against an array of organizations across Norway.
-
The FBI has seized the RAMP hacking forum, but will the takedown stick? History tells us otherwiseNews Billing itself as the “only place ransomware allowed", RAMP catered mainly for Russian-speaking cyber criminals
-
Microsoft just took down notorious cyber crime marketplace RedVDS – and found hackers were using ChatGPT and its own Copilot tool to wage attacksNews Microsoft worked closely with law enforcement to take down the notorious RedVDS cyber crime service – and found tools like ChatGPT and its own Copilot were being used by hackers.
-
Hacked London council warns 100,000 households at risk of follow-up scamsNews The council is warning residents they may be at increased risk of phishing scams in the wake of the cyber attack.
