M&S aims for full online restoration within four weeks following major cyber attack
The retailer’s CEO has set an August deadline to resolve the bulk of issues from the £300 million breach
Marks & Spencer (M&S) expects its online operations to be fully restored within the next four weeks as the retailer continues its recovery from a major cyber attack in April.
Speaking at the company’s annual general meeting, CEO Stuart Machin said the company hopes to have the “vast majority” of the incident’s impact resolved by August, the BBC reported.
The attack, which the company has attributed to “human error” and estimated will cost around £300 million in lost profit, forced M&S to halt online sales and has significantly disrupted its supply chain, including operations at its key Castle Donington distribution centre. The breach also resulted in the theft of customer personal data.
The announcement is the latest step in a multi-month recovery process. As ITPro has reported, the crisis first unfolded in April when M&S was forced to suspend all online orders.
M&S later confirmed in May that customer personal data had been compromised, linking the breach to a supply chain partner. By June, the full financial scale of the incident was revealed, with the warning of a £300 million profit hit and continued operational disruption.
While the main e-commerce site for Great Britain has partially resumed service, key functions like click-and-collect and next-day delivery remain offline.
The recovery timeline provides a critical update for a breach that has had a sustained operational and financial impact on one of the UK’s best-known retailers.
M&S fallout may continue beyond planned restoration date
Julius Cerniauskas, CEO of web intelligence firm Oxylabs, told ITPro that the incident highlights the persistent threat of social engineering.
“Investment alone isn’t a silver bullet,” he said. “Attackers are constantly evolving their techniques, and social engineering – tricking people rather than systems – is still one of the most effective entry points.”
Cerniauskas noted that while a full operational recovery by August would be a “solid achievement,” the business impact can continue long after technical systems are restored.
“It’s not a question of if you’ll be targeted - but when,” he added.
The fallout from the incident may also affect executive remuneration. According to reports from the Evening Standard, chairman Archie Norman confirmed that any drop in performance caused by the attack "will be taken into account with regards to incentive pay".
Norman added that the recovery is progressing, with "new systems coming back" each week.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.

