Well-known retailer lost over a billion dollars after hacker attack

In April, British retailer Marks & Spencer suffered a severe ransomware attack that had a significant impact on its logistics and online sales.

Now, the latest accounts show just how extensive the financial damage has become.

According to Computerworld, the attack has already cost the company 136 million pounds.

This amount covers, among other things, the cost of crisis management, crashed systems and external consulting.

The accounts show how the attack has affected the retailer’s digital operations, which has had a direct impact on sales, especially in the online channels, where many customers have experienced problems shopping.

Billions in lost sales

However, the direct costs are only part of the bill.

Marks & Spencer expects further losses due to lost revenue in the wake of the attack.

According to the company’s own estimates, the total financial loss could reach up to 300 million pounds.

The company’s accounts for the first half of the year also show a drastic drop in profits.

Pre-tax profit has fallen from £392 million to just £3.4 million. This corresponds to a drop of 99 percent.

The management of Marks & Spencer describes the attack as one of the most serious incidents the company has experienced in recent times.

Either sold out very, very early or@marksandspenceris still struggling with stock logistics since the cybersecurity hack? pic.twitter.com/hXs6WCpK4M

– Prof Richard Barker (@swrb1) November 13, 2025

Hacker groups behind the attack

During a hearing in the UK Parliament in June, Marks & Spencer chairman Archie Norman described the gravity of the situation.

– It’s very rare that a criminal actor from another country tries to prevent customers from shopping at M&S, essentially trying to destroy your business. It’s an out-of-body experience, he said.

The attack has been attributed to Malaysian hacker group Dragonforce, but according to cyber experts, the Scattered Spider group may also have been involved.

This group is suspected to have purchased access to Russian-developed ransomware tools.

Investigations into how the hackers gained access to the company’s systems are still ongoing and authorities are working with the company to improve security and prevent similar attacks in the future.