British clothes-to-food retailer Marks and Spencer on Wednesday said a cyberattack disrupting its online service is set to last through to July and hit group profit by around £300 million ($404 million).
Marks last week revealed that some personal data of its customers had been stolen in a cyberattack that has crippled its online services for weeks.
“In Fashion, Home & Beauty, online sales and trading profit have been heavily impacted by the necessary decision to pause online shopping, however stores have remained resilient,” Marks said in a statement.
“We expect online disruption to continue throughout June and into July as we restart, then ramp up operations.”
The impact on annual group operating profit is estimated at around £300 million, “which will be reduced through management of costs, insurance and other trading actions”, the retailer added.
The news came as Marks on Wednesday reported operating profit before adjusting items of £985 million for its financial year to the end of March.
Following the update, its share price dropped 2.5 percent at the start of trading in London.
Group operations have since Easter been hampered by a ransomware sting which forced the retailer to suspend online sales, contactless payments at stores and even recruiting operations.
Marks said information stolen could include names, dates of birth, home addresses and telephone numbers. However, it did not include “useable payment or card details”, nor account passwords.
The company reported the incident to relevant government authorities and law enforcement.
“There’s still a big unknown regarding any potential fines on Marks and Spencer from the Information Commissioner’s Office, which enforces data protection regulation” in Britain, noted Dan Coatsworth, investment analyst at trading group AJ Bell.
Taking into account the way the fine is calculated and previous penalties handed down to UK companies for data breaches, Marks could take a further hit totalling around £550 million, he added.
– ‘Crime investigation’ –
Britain’s National Crime Agency told the BBC it is investigating a series of cyberattacks including on luxury department store Harrods and the Co-op food chain.
“We are looking at the group that is publicly known as Scattered Spider, but we’ve got a range of different hypotheses,” Paul Foster, head of the NCA’s national cybercrime unit, told a BBC documentary.
The BBC said on its website “the hacks have been carried out using DragonForce, a platform that gives criminals the tools to carry out ransomware attacks.”
Despite the Marks attack having a bigger impact, chief executive Stuart Machin described it as only “a bump in the road”.
He added: “It has been challenging, but it is a moment in time, and we are now focused on recovery, with the aim of exiting this period a much stronger business.”
