British retailer Marks and Spencer saw its half-year profits more than halved as a result of a cyberattack that brought its online business to a grinding halt.
In a statement on Wednesday, M&S said its underlying pre-tax profits tumbled 55.4% to £184.1 million (€208.89mn) in the six months to 27 September largely on the back of a 40% collapse in online home and fashion sales after it was forced to halt online orders. Firm food sales helped cushion the blow.
M&S had to stop all online sales for around six weeks and suffered empty shelves due to disruption to its logistics systems after hackers targeted the business around the Easter weekend. The company has said the attack was due to “human error”.
The hack cost it £324mn (€282.14mn) in lost sales but that it was able to recover £100mn through an insurance payout.
It added that the attack is set to impact profits by around £136mn (€154.28mn), including about another £34mn (€38.58mn) in the final six months of the year.
The main business to suffer was M&S's fashion arm which saw overall sales down 16.4% in the first half of the year, with online sales down 42.9%.
The hack, one of the most disruptive in British corporate history, also saw customers' personal data, which could have included names, email addresses, postal addresses, and dates of birth, taken by hackers.
“The first half of this year was an extraordinary moment in time for M&S," said Stuart Machin, chief executive of M&S. "We are now getting back on track.”
M&S resumed home deliveries in June after the hack, but did not restart click and collect orders until August.
The company said online sales have been improving and the group expects overall trading to be fully recovered by the end of its financial year. However, it said the “recovery” has been slower in fashion, home, and beauty than it has been in food.
Dan Coatsworth, head of markets at AJ Bell, said M&S's “catastrophic summer” could well have long-term implications for the company.
“Its rivals made hay while the sun shone, with Next among the names luring customers away from M&S during the lengthy period of disruption," he said. “M&S says the recovery in trading for clothing has been slower than food, suggesting that some people who tasted the flavours of rival retailers might not necessarily come back quickly.”
M&S has not been the only British retailer to suffer disruption to its business as a result of a cyberattack. Harrods, the luxury London department store, and the Co-op have also been targets. It remains unclear if the three attacks are linked, and police investigations are ongoing.
Experts, including those from the UK's National Cyber Security Centre are saying that generative artificial intelligence is accelerating the threat landscape, and that firms and individuals have to stay on top of developments and shore up their defences against cyberattacks.
