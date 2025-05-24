British retail giant Marks & Spencer is bracing for losses exceeding $400 million following a severe cyberattack, which has disrupted its business and exposed sensitive customer data.

What Happened: According to a note from the company, the cyberattack has taken a toll on M&S’s fiscal year 2025-2026 operating budget, with a projected $403 million dip in profits “before cost mitigation, insurance and trading actions.”

In the statement, CEO Stuart Machin revealed that the company has been grappling with the cyberattack for several weeks, leading to a “limited period of disruption.”

Despite the hurdles, the team has been working round the clock to manage the incident and restore normal operations, with customer service being a top priority.

Machin, however, cautioned that sales disruptions could persist for the next two months. The cyberattack, which was announced on April 22, has significantly affected online sales and trading profit, especially in the Fashion, Home, and Beauty sectors.

The cybercriminals succeeded in accessing sensitive personal information of M&S customers, including contact details, date of birth, and online order history.

The breach is suspected to be part of a larger operation by a hacking group known as “DragonForce,” which has also claimed responsibility for a similar incident at the Co-op Food grocery chain in the UK.

Why It Matters: This incident underscores the increasing threat posed by cyberattacks to businesses worldwide. It highlights the need for robust cybersecurity measures and the potential financial implications of such breaches.

As companies continue to digitize their operations, the risk of cyberattacks and the associated financial and reputational damage is likely to rise.

This incident serves as a wake-up call for businesses to prioritize cybersecurity and invest in measures to protect their operations and customer data.

