Marks & Spencer (M&S) expects its online operations to be fully restored within the next four weeks as the retailer continues its recovery from a major cyber attack in April.
Speaking at the company’s annual general meeting, CEO Stuart Machin said the company hopes to have the “vast majority” of the incident’s impact resolved by August, the BBC reported.
The attack, which the company has attributed to “human error” and estimated will cost around £300 million in lost profit, forced M&S to halt online sales and has significantly disrupted its supply chain, including operations at its key Castle Donington distribution centre. The breach also resulted in the theft of customer personal data.
The announcement is the latest step in a multi-month recovery process. As ITPro has reported, the crisis first unfolded in April when M&S was forced to suspend all online orders.
M&S later confirmed in May that customer personal data had been compromised, linking the breach to a supply chain partner. By June, the full financial scale of the incident was revealed, with the warning of a £300 million profit hit and continued operational disruption.
While the main e-commerce site for Great Britain has partially resumed service, key functions like click-and-collect and next-day delivery remain offline.
The recovery timeline provides a critical update for a breach that has had a sustained operational and financial impact on one of the UK’s best-known retailers.
M&S fallout may continue beyond planned restoration date
Julius Cerniauskas, CEO of web intelligence firm Oxylabs, told ITPro that the incident highlights the persistent threat of social engineering.
“Investment alone isn’t a silver bullet," he said. "Attackers are constantly evolving their techniques, and social engineering – tricking people rather than systems – is still one of the most effective entry points.”
Cerniauskas noted that while a full operational recovery by August would be a “solid achievement,” the business impact can continue long after technical systems are restored.
"It’s not a question of if you'll be targeted - but when,” he added.
The fallout from the incident may also affect executive remuneration. According to reports from the Evening Standard, chairman Archie Norman confirmed that any drop in performance caused by the attack "will be taken into account with regards to incentive pay".
Norman added that the recovery is progressing, with "new systems coming back" each week.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Logitech's MX Master 4 mouse and its 'Action Ring' is a game-changer for modern worknews The MX Master 4 is a great example of Logitech's approach to the future of work and a great solution to software tool sprawl
-
Organizations around the world are unprepared for the threat from bad bots – and UK businesses are some of the worst performersNews As AI-driven bot traffic booms, legacy defenses are failing fast
-
‘Channel their curiosity into something meaningful’: Cyber expert warns an uptick of youth hackers should be a ‘wake-up call’ after teens charged over TfL attackNews Encouraging youths to engage in positive tech initiatives will guide them down the right path and away from nefarious activities
-
Jaguar Land Rover “did the right thing” shutting down systems to thwart cyber attackNews The attack on Jaguar Land Rover highlights the growing attractiveness of the automotive sector
-
The Allianz Life data breach just took a huge turn for the worseNews Around 1.1 million Allianz Life customers are believed to have been impacted in a recent data breach, making up the vast majority of the insurer's North American customers.
-
Warning issued as new Pakistan-based malware group hits millions globallyNews Tempting people in with offers of pirated software, the network installs commodity infostealers, according to CloudSEK
-
Millions of customers have been exposed in the Qantas cyber attack – here’s everything we know so farNews While details remain murky, cyber experts told ITPro the Qantas incident bears all the hallmarks of the Scattered Spider ransomware group.
-
British IT worker jailed for revenge attack on employer that caused a “ripple effect of disruption” for colleagues and customersNews West Yorkshire man Mohammed Umar Taj was suspended from his job in Huddersfield in July 2022, and began taking revenge within hours.
-
Financial impact of cyber attacks on UK retailers laid bare in new reportNews Analysis from the Cyber Monitoring Centre shows the recent cyber attacks on a host of UK retailers could cost up to £440 million.
-
A sneaky cyber espionage campaign is exploiting IoT devices and home office routers – here's what you need to knowNews Researchers at SecurityScorecard have issued a warning about a new China-linked threat campaign, dubbed 'LapDogs', targeting IoT devices and home routers.
