Yazılar

M&S Faces $400 Million Hit from Cyberattack, Online Disruption to Last Into July

/in /tarafından

Marks & Spencer (M&S) confirmed on Wednesday that the cyberattack disclosed in April will cost the British retailer approximately £300 million ($403 million) in lost operating profit, with disruption to its online operations expected to continue into July.

The attack, described by the company as “highly sophisticated and targeted“, forced M&S to shut down its automated stock systems, temporarily reverting to manual, pen-and-paper processes to manage billions of pounds worth of fresh food, clothing, and home goods. The fallout led to empty food shelves, delayed deliveries, and significant customer dissatisfaction.

Financial and Operational Impact

The cyberattack has been a major blow to M&S during a crucial period in its ongoing turnaround strategy. It has already:

  • Wiped more than £1 billion off M&S’s market value,

  • Halted online clothing, home and beauty sales, which have been “heavily impacted”,

  • Caused reduced food availability, higher waste, and increased logistics costs.

Despite this, in-store sales have remained “resilient,” and food sales recovered over the past week.

CEO Stuart Machin said the company expects 85% of online clothing and home items to be back on the site in the coming weeks. However, the full system restart will continue into July.

M&S reported £984.5 million in operating profit for the year ended March 29. It expects to mitigate some of the projected £300 million loss through insurance claims, cost-saving measures, and operational recovery.

Source and Method of Breach

Machin reiterated that the breach did not result from a failure in M&S’s own cybersecurity infrastructure. Instead, hackers gained access via “social engineering” at a third-party contractor. The attackers used deceptive methods to trick employees, breaching external access points rather than M&S’s internal systems.

“We didn’t leave the door open. This wasn’t anything to do with underinvestment,” said Machin.

The National Crime Agency has linked the incident to a group of young, English-speaking hackers, part of a wider pattern of cyberattacks affecting UK institutions including the British Library, London Underground, and blood testing services.

Market Reaction and Outlook

Despite the disruption, M&S shares rose 2% on Wednesday, reflecting investor confidence in the company’s recovery efforts. The stock is still down 9% since the attack.

Archie Norman, M&S chairman, acknowledged the setback but remained optimistic about the company’s broader transformation:

“Just as you think you’re onto a good streak, events have a way of putting you on your backside.”

Analysts said M&S’s strong underlying performance — with adjusted pretax profit up 22.2% and sales rising 6.1% to £13.9 billion — suggests its turnaround remains intact. The clothing and food divisions both gained market share, reinforcing the company’s momentum before the attack.

Nevertheless, competitors like Next, John Lewis, Tesco, and Sainsbury’s may benefit from M&S’s temporary online absence.

Cybersecurity Response

M&S stated that it will use the crisis to accelerate improvements in its technology infrastructure, emphasizing the importance of resilience in the face of rising global cyber threats.

The retailer also disclosed a £248.5 million non-cash impairment charge, linked to longer-term digital and operational investments affected by the incident.

M&S Cyberattack Traced to Third-Party Breach, Online Sales Disrupted Until July

/in /tarafından

Marks & Spencer (M&S) confirmed on Wednesday that a recent cyberattack which disrupted its operations originated from a security breach at a third-party contractor, not from within its own IT systems. The attack, first disclosed on April 22, will continue to impact the British retailer’s operations for several more weeks, including a halt to online sales expected to last until July.

In a briefing with reporters, CEO Stuart Machin said hackers used social engineering tactics to infiltrate a contractor’s network, bypassing M&S’s internal digital defences.

“Unable to get into our systems by breaking through our digital defences, the attackers did try another route… entering through a third party rather than a system weakness,” Machin explained.
“Once access was gained, they used highly sophisticated techniques as part of the attack.”

Involvement of Tata Consultancy Services

M&S holds a long-standing IT contract with Tata Consultancy Services (TCS), and a source familiar with the investigation told Reuters that TCS may have been the access point exploited in the breach. TCS declined to comment, and Machin did not confirm whether TCS was the contractor in question.

Timeline and Response

Suspicious activity was first detected over the Easter weekend (April 19–20). According to Machin, the time from breach to detection was relatively short, particularly compared to the industry average of 10 days or more.
Immediately after discovering the breach, M&S involved cybersecurity experts, law enforcement, and government agencies.

So far, 600 systems have been scanned, and the process of gradually bringing them back online is underway.

Online Sales and Business Impact

M&S’s online retail operations remain suspended, and the company does not expect full functionality to resume before July. The company has not disclosed whether a ransom demand was issued, citing official advice.

The UK’s National Crime Agency is investigating the attack, reportedly focusing on a group of young, English-speaking hackers.

Despite having boosted its tech spending threefold over the past three years, Machin stressed that no organization is immune to cyber threats.

M&S generates nearly £14 billion ($19 billion) in annual sales, and the breach marks a major disruption for one of Britain’s most recognized retail brands.

Ransomware Gang Lockbit Reportedly Hacked in Embarrassing Leak

/in /tarafından

In an ironic twist, Lockbitone of the world’s most notorious ransomware gangs — appears to have fallen victim to a cyberattack of its own, according to security analysts and a rogue message posted on one of the group’s darkweb sites.

On Wednesday, Lockbit’s site was replaced with a taunting message that read:

Don’t do crime. CRIME IS BAD xoxo from Prague
The site also included a link to what appears to be a leaked cache of internal data, potentially containing chats between Lockbit members and their victims.

While Reuters has not independently verified the data, multiple cybersecurity experts have assessed the leak and confirmed its authenticity.

It’s legit,” said Jon DiMaggio, chief security strategist at Analyst1.
Christiaan Beek of Rapid7 noted the leak revealed Lockbit’s indiscriminate targeting — even aggressively pursuing small businesses for minor ransom payouts.
They attack everyone,” he added.

Who hacked Lockbit remains unclear, and some of the group’s associated darkweb infrastructure is currently down, with placeholder messages stating sites will be “working soon.” However, the damage may already be done.

This is not the first time Lockbit has faced disruption. In 2023, U.K. and U.S. authorities, alongside international partners, seized parts of the gang’s infrastructure. At the time, Lockbit quickly resurfaced and defiantly declared,

I cannot be stopped.”
But this latest incident appears more personal — and humiliating.

DiMaggio described the breach as a significant blow to the gang’s operations and credibility:

I think it will hurt them and slow them down.”

Lockbit, once dubbed “the Walmart of ransomwaredue to its prolific activity and reach, now faces a potentially destabilizing turn of events — and an unexpected reminder that even cybercriminals aren’t immune to being hacked.