M&S Hit by Major Cyber-Attack, Losing Millions Daily as Systems Remain Down

Marks & Spencer (M&S), the UK’s largest clothing retailer, is facing severe disruptions after a major cyber-attack that began over the Easter weekend. The attack has forced the company to halt online orders and affected its in-store operations, resulting in millions of pounds in daily losses.

The company first noticed unusual activity in its tech systems during Easter. Since then, key parts of its operations — including stock management, payments, and online services — have been impacted. M&S has now gone more than a week without taking online orders, and there is little hope of restoring full services soon.

Stores are struggling to keep shelves stocked as automated inventory systems remain offline. In some locations, staff have had to manually check fridge temperatures due to failures in digital monitoring. Online forums report that food waste increased after temporary disruptions in charity donations and price markdown systems.

Despite the difficulties, M&S has managed to restore some services. Contactless payments, gift card use, and refunds are now available. Customers can also collect orders placed before April 23. However, the Sparks loyalty scheme and real-time stock checks remain down.

The cyber-attack is under investigation by the Metropolitan Police and the National Crime Agency. It has been linked to the hacker group Scattered Spider, possibly using a ransomware tool called DragonForce.

The financial toll is mounting. M&S’s online clothing and home sales generate about £3.8 million daily. Analysts estimate the attack has already cut £30 million from annual profits and could cause an additional £15 million loss each week. While some costs may be covered by insurance, the coverage is time-limited.

The retailer's share value has dropped by nearly £750 million since the attack began. However, experts believe the brand's strong customer loyalty will help it recover. Kate Calvert, a retail analyst at Investec, noted that M&S had been performing well before the incident and remains financially strong enough to weather the crisis.

The situation has triggered concern across the UK retail sector. Other major retailers like Co-op and Harrods have also reported IT incidents. The National Cyber Security Centre (NCSC) is working with affected companies and urging all businesses to review their cybersecurity measures.

Retail insiders describe the response as being on a “war footing.” M&S and Co-op both use SAP systems, which are common in the retail industry, raising fears of further attacks through shared suppliers.

Although there is currently no public evidence that customer data was stolen from M&S, experts believe the attackers may soon try to negotiate a ransom. Cybersecurity professionals say such talks are often handled by specialist teams and may be used to buy time for system recovery.

M&S CEO Stuart Machin has urged customers to support physical stores during this time. Despite the crisis, many shoppers have praised store staff for maintaining professionalism under pressure.

M&S is expected to provide a full update during its annual results announcement on May 21. Until then, the retailer continues working around the clock to restore operations and limit further damage.