M&S Cyber Attack Wipes £300m in Revenue: 'Sophisticated Impersonation' Behind Major Breach

Retail giant admits long recovery ahead as cyberattack disrupts systems, damages brand, and shakes investor confidence

£300 Million Revenue Loss from Cyber Breach

Marks & Spencer (M&S) has confirmed a £300 million hit to revenue following a devastating cyber attack in April. The breach, which involved “sophisticated impersonation” of a third party, severely impacted both store stock levels and online operations.

Speaking before MPs, Chairman Archie Norman said the business remains in "rebuild mode" and expects disruption to continue "for some time".

Timeline of the Attack

• 17 April: Attackers accessed M&S systems through a third-party impersonation
• 19 April (Easter Saturday): Breach detected
• 22 April: Customers notified
• FBI and UK authorities were alerted promptly
• Attacker identified as potentially part of the Scattered Spider group—known for targeting large corporations

M&S refused to confirm whether a ransom was paid, citing legal concerns and ongoing cooperation with the National Crime Agency (NCA).

Massive Business Disruption

The breach led to:

• Empty shelves in physical stores
• Restricted online shopping functions
• Weeks of reduced operations and customer complaints
• Significant pressure on brand trust and digital infrastructure

The chairman noted, “Once your systems are compromised, and you're going to have to rebuild anyway, the damage is already done.”

Insurance and Recovery

M&S has:

• Doubled its cyber insurance cover last year
• Trebled its cybersecurity team to 80 people
• Doubled cybersecurity spending
• Filed a “substantial” insurance claim to cover damages
• Estimated full recovery from insurance could take up to 18 months

The £300 million revenue loss figure excludes any insurance recovery, meaning the final net cost to the company may be lower—but not insignificant.

Impact on Share Price and Investor Sentiment

The attack has shaken investor confidence:

• M&S share price dropped over 6% in the days following the disclosure
• Market value declined by more than £500 million at its worst point
• Concerns persist around operational resilience and future earnings impact

While shares have partially recovered, analysts warn the brand’s digital credibility may take longer to restore.

Key Lessons for Businesses

M&S issued a stark warning to other firms:

“Make sure you can run your business on pen and paper,” said General Counsel Nick Folland.

The incident highlights the importance of:

• Strong cybersecurity protocols
• Regular penetration testing
• Offline contingency plans

What It Means for Investors

Risk Awareness

Cyber threats pose an increasing risk to retail and consumer sectors, where digital dependency is high.

Recovery Watch

Investors should monitor:

• Insurance payout progress
• System upgrades and operational recovery
• Customer sentiment and e-commerce growth

Long-Term Opportunity

If M&S executes a successful digital rebuild and regains customer trust, this may become a buy-the-dip moment—but only for risk-tolerant, long-term investors.

Sources: (SKY.com, ChatGPT)