M&S aims for full online restoration within four weeks following major cyber attack
The retailer’s CEO has set an August deadline to resolve the bulk of issues from the £300 million breach
Marks & Spencer (M&S) expects its online operations to be fully restored within the next four weeks as the retailer continues its recovery from a major cyber attack in April.
Speaking at the company’s annual general meeting, CEO Stuart Machin said the company hopes to have the “vast majority” of the incident’s impact resolved by August, the BBC reported.
The attack, which the company has attributed to “human error” and estimated will cost around £300 million in lost profit, forced M&S to halt online sales and has significantly disrupted its supply chain, including operations at its key Castle Donington distribution centre. The breach also resulted in the theft of customer personal data.
30% off Keeper Security's Business Starter and Business plans
Keeper Security is trusted and valued by thousands of businesses and millions of employees. Why not join them and protect your most important assets while taking advantage of this special offer?
The announcement is the latest step in a multi-month recovery process. As ITPro has reported, the crisis first unfolded in April when M&S was forced to suspend all online orders.
M&S later confirmed in May that customer personal data had been compromised, linking the breach to a supply chain partner. By June, the full financial scale of the incident was revealed, with the warning of a £300 million profit hit and continued operational disruption.
While the main e-commerce site for Great Britain has partially resumed service, key functions like click-and-collect and next-day delivery remain offline.
The recovery timeline provides a critical update for a breach that has had a sustained operational and financial impact on one of the UK’s best-known retailers.
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
M&S fallout may continue beyond planned restoration date
Julius Cerniauskas, CEO of web intelligence firm Oxylabs, told ITPro that the incident highlights the persistent threat of social engineering.
“Investment alone isn’t a silver bullet," he said. "Attackers are constantly evolving their techniques, and social engineering – tricking people rather than systems – is still one of the most effective entry points.”
Cerniauskas noted that while a full operational recovery by August would be a “solid achievement,” the business impact can continue long after technical systems are restored.
"It’s not a question of if you'll be targeted - but when,” he added.
The fallout from the incident may also affect executive remuneration. According to reports from the Evening Standard, chairman Archie Norman confirmed that any drop in performance caused by the attack "will be taken into account with regards to incentive pay".
Norman added that the recovery is progressing, with "new systems coming back" each week.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.
-
Jitterbit eyes global growth under new CRO Chris StoddardNews The former New Relic executive will lead the vendor’s worldwide go-to-market strategy and revenue growth plans
-
This one cyber crime group accounted for nearly a fifth of all ransomware attacks in JuneNews The Gentlemen, a ransomware a service operator, now accounts for 17% of published attacks
-
Working with the enemy: Ransomware negotiator-turned cyber criminal jailed after working with hackers to extort clientsNews Angelo Martino was supposed to be negotiating on behalf of victims, but was secretly working for ransomware operators
-
‘The risk to every organization has increased exponentially’: The FortiBleed campaign just took a turn for the worseNews Reports suggest that FortiBleed-linked exposed credentials could put UK government and public services at huge risk
-
US offers $10m bounty for info on Russia-linked hackers behind Signal and WhatsApp attacksNews UNC5792 and UNC4221 have been targeting government officials through their Signal and WhatsApp accounts
-
Duo accused of role in TfL cyber attack plead guilty after ‘lengthy, highly complex, and painstaking investigation’News Around 10 million people are believed to have been affected by the TfL cyber attack
-
Ransomware cartels are fragmenting into volatile splinter groups, warns Met Police cyber chiefNews Commoditized "cyber crime bazaars" and AI data mining are forcing law enforcement to rewrite its playbook
-
Hackers are turning up at law firms to gain physical access to machinesNews The FBI is warning companies to look out for fake IT staff
-
Tycoon 2FA is down, but not out – researchers warn the phishing as a service operation is still a huge threat to businessesNews Millions of Tycoon 2FA attacks are still hitting businesses, according to research from Barracuda
-
German authorities want your help finding the hackers behind GandCrab and REvilNews Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk are believed to have made millions from ransomware as a service schemes
