The high street retail giant halted orders on its website and saw empty shelves after being targeted by hackers around the Easter weekend.
Marks & Spencer has said a damaging cyber attack caused by “human error” will cost the company around £300 million.
The high street retail giant said disruption to online shopping could continue into July but it hopes to have this partly restored “within weeks”.
M&S halted orders on its website and saw empty shelves after being targeted by hackers around the Easter weekend.
Customer personal data, which could have included names, email addresses, postal addresses and dates of birth, was also taken by hackers in the attack.
Chief executive Stuart Machin told reporters that hackers gained access to the company’s IT systems through a third party after “human error”.
The boss said he has been in touch with other industry bosses to discuss hacks, with rivals the Co-op and Harrods also targeted with cyber attacks in recent weeks.
He added: “We didn’t leave the door open, this wasn’t anything to do with under-investment.
“Everyone is vulnerable. For us, we were unlucky on this particular day through some human error.”
The retailer revealed on Wednesday morning that online sales and profits in its fashion, home and beauty business have been “heavily impacted”.
Disruption to online operations is set “to continue throughout June and into July as we restart, then ramp up operations”, it said.
However, it indicated that shoppers will see improvements over the coming weeks.
Mr Machin suggested around 85% of its online operations are likely to be restored soon, as the company focuses on certain parts of its operations first.
He added that clothing and home sales have been “resilient” in stores in recent weeks.
Meanwhile, food sales were affected by reduced availability but the business stressed this is “already improving”.
The group has also reported “additional waste and logistics costs” after switching to manual processes following the attack.
M&S said the incident is likely to drag its group operating profits down by around £300 million this year, but it expects this to be reduced through cost management, insurance and other reactions.
The company suggested it could reduce the impact of the attack by as much as “half”.
Mr Machin said: “It has been challenging, but it is a moment in time, and we are now focused on recovery, with the aim of exiting this period a much stronger business.
“There is no change to our strategy and our longer-term plans to reshape M&S for growth and, if anything, the incident allows us to accelerate the pace of change as we draw a line and move on.
“This incident is a bump in the road, and we will come out of this in better shape, and continue our plan to reshape M&S for customers, colleagues and shareholders.”
M&S Full Year Results 2024/25
Read our Full Year results here: https://t.co/bMtRWuv9ob
Hear the headlines from our Chief Executive, Stuart Machin, and two of our brilliant store managers, Lucy Grimes and Laura Smith. Watch the video 👇 pic.twitter.com/ZDto6gbO65
— M&S News (@MandSnews) May 21, 2025
It came as the company reported a higher-than-expected adjusted pre-tax profit of £875.5 million for the year to March, up 22.2% on the previous year.
The group was buoyed stronger profits in its food arm, which saw sales increase by 8.7% to £9 billion over the year.
M&S revenues grew by 6% to £13.8 billion as a whole for the year, as fashion, home and beauty sales grew by 3.5%.
The company is currently undergoing a major transformation programme, which is including changes to its shop estate.
The retailer, which currently has 565 stores, said it plans to have 600 stores by 2028, comprising 420 bigger food stores and 180 full clothing, home and food stores.
It added that the plan is still on track despite the recent disruption.
M&S also said it has accelerated plans to invest in improvements to its technology to now take place over the next six months, after previously indicating it would take two years.
