For generations, Marks & Spencer (M&S) has been a staple of the British high street, known for its dependable clothing, food, and home goods. But in the first half of 2025, the venerable retailer faced an unprecedented crisis: a devastating cyberattack that nearly wiped out its profits, upended operations, and sent shockwaves through the UK retail sector.
According to the BBC, M&S's statutory profit before tax plummeted 99% from £391.9 million in the first half of 2024 to just £3.4 million in the same period of 2025. The sharp drop followed a cyberattack in April that forced the retailer to disconnect its warehouse management systems and suspend online ordering, disrupting both digital and in-store sales for months. CEO Stuart Machin described the episode as “an extraordinary moment in time for M&S.”
“We entered 2025/26 with strong trading momentum and a clear plan to invest in transformation and growth. However, in the first few weeks of the financial year, we experienced a cyber incident. We responded quickly and took immediate action to protect our customers, our suppliers and the business which included proactively taking some of our systems offline,” Machin said in the company’s earnings report, as cited by ITPro.
The attack, which struck around the Easter weekend, halted all online sales for approximately six weeks, with click-and-collect services suspended for nearly four months. Even in-store operations suffered, with some shelves left bare as the retailer struggled to adapt to manual processing and disrupted logistics. Deliveries to stores and to M&S’s online food partner, Ocado, were also affected. The company attributed the incident to a social engineering scam that impersonated employees and IT help desks, a tactic increasingly common in today’s cyber threat landscape.
The financial toll was staggering. Euronews reported that online home and fashion sales collapsed by 40%, with the fashion arm’s overall sales down 16.4% and online sales plunging 42.9%. The company estimated the direct hit to profits at around £300 million, with total lost sales reaching £324 million. To soften the blow, M&S received a £100 million insurance payout, recovering about a third of its losses. Nevertheless, the company still recorded almost £102 million in one-off costs in the first half of the year alone, including legal and professional support and bringing its tech team in-house. An additional £34 million in similar costs is expected in the second half of the year.
As the BBC noted, M&S’s adjusted profit before tax—stripping out some exceptional costs—was £184 million for the first half of 2025, down from £413 million a year earlier. The company’s underlying strength, however, was evident in its food sales, which rose 7.8% during the crisis. Judith MacKenzie, head of Downing Fund Managers, told the BBC’s Today programme, “Given that they were offline for most of the trading period and really only came back online for their click and collect in August, it’s pretty, pretty resilient.”
Despite the adversity, M&S’s leadership remained cautiously optimistic. Machin emphasized that “practically all operational systems have now been recovered” and predicted that profits would recover in the crucial Christmas period. He told analysts, “In May, we anticipated the material impact of the incident on group operating profit to be around £300 million this financial year, and we are broadly in line with that.” The company expects full-year profits to be in line with last year as the residual effects of the incident continue to fade.
The cyberattack also exposed customers’ personal data—including names, email addresses, postal addresses, and dates of birth—raising concerns about privacy and corporate cybersecurity. The incident was linked to the Scattered Spider hacking collective and the DragonForce ransomware-as-a-service operation, both of which have also targeted other major UK retailers such as Harrods and the Co-op. In July, four people, including one minor, were arrested as part of a National Crime Agency investigation into the attacks, according to ITPro.
Experts have warned that paying ransom demands rarely restores full access to compromised systems. Simon Phillips, CTO of Engineering at CybaVerse, told ITPro, “Paying ransom demands rarely reinstates full system access and organizations will often still suffer operational downtime and significant losses even after paying.” The UK’s National Cyber Security Centre has highlighted the growing threat posed by generative artificial intelligence, urging firms to bolster their cyber defenses.
While M&S struggled to recover, competitors seized the opportunity to attract its customers. Next, a rival UK clothing retailer, reported a 10.5% increase in sales in October, building on a 7.6% rise earlier in the year. Dan Coatsworth, head of markets at AJ Bell, told Euronews, “Its rivals made hay while the sun shone, with Next among the names luring customers away from M&S during the lengthy period of disruption.” He added, “M&S says the recovery in trading for clothing has been slower than food, suggesting that some people who tasted the flavours of rival retailers might not necessarily come back quickly.”
Adding to the uncertainty, the UK government’s decision to hold its Budget on November 26, 2025, and the Chancellor’s speech have not inspired confidence among shoppers. Machin remarked, “The presentation may have calmed the bonds markets, but it hasn’t really calmed our customers. They might be planning for a good Christmas, but they’re also planning for the worst when it comes to the budget.” There is growing concern that taxes could be raised, further dampening consumer sentiment.
Yet, there are signs of resilience. M&S resumed home deliveries in June and restored click-and-collect services in August. The company’s food sales, including popular items like rose mulled wine and men’s washable tuxedos, have been strong. Investor sentiment, as relayed by analyst Ms Rumbold to the BBC, suggests that the disruption “was a one-off” and that “normal trading can therefore resume and the positive story M&S had going prior to the cyber-attack remains in place.”
As the retailer works to restore its reputation and regain lost ground, its experience serves as a stark warning to other businesses. The costs of a major cyberattack—financial, operational, and reputational—can be severe and long-lasting, even for the most established brands.
With the busy holiday season approaching and most systems back online, M&S is betting on a return to form. The company’s journey through crisis and recovery is a reminder that in today’s digital world, resilience and vigilance are as essential as ever for survival and success.