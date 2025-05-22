Retailers in Australia are being warned by Australian Federal Government Cyber security experts to be extra careful, after Marks & Spencer, one of Britain’s largest retailers, confirmed that a recent cyberattack has severely impacted its operations, with the Company facing estimated losses of approximately A$750 million.

The cyber breach, described as “highly sophisticated,” emerged over the past Easter weekend and has crippled key systems, forcing the retailer to pause online orders.

Staff have been relying on manual processes, and food waste has surged due to supply chain disruptions.

While food deliveries to stores have resumed smoothly, online orders for clothing and home goods remain unavailable, and customers are unable to access the retailer’s loyalty program. Marks & Spencer stated that full online operations will not resume until July.

“This has been a challenging time,” said Stuart Machin, M&S Chief Executive, during a call with analysts on Wednesday. “We’re now focused on recovery, and customers should be able to shop in our stores as normal,” he added, noting that online orders will take weeks to restart.

Cyberattacks have become increasingly common in the UK, affecting businesses, charities, and hospitals. Even after containment, the long-term impact on operations can be severe.

The breach comes as M&S undergoes a transformation aimed at accelerating sales growth and maintaining its relevance on Britain’s high streets. Reduced food availability has hurt sales, while increased waste and logistics costs will impact profits this quarter. The company’s clothing, home, and beauty divisions have also suffered.

M&S claims that that insurance and cost-cutting measures could offset some of the financial damage, potentially reducing losses by half.

The retailer plans to fast-track a technology upgrade within six months—far ahead of its original two-year timeline.

Investigations into the cyberattack suggest the involvement of hacker group Scattered Spider, notorious for social engineering tactics and ransomware attacks. The breach was reportedly caused by human error, allowing hackers access through a third-party supplier.

Scattered Spider has been linked to other high-profile cyber incidents, including attacks on MGM Resorts and Caesars Entertainment in 2023.

M&S previously acknowledged that customer data had been stolen, though payment information and account passwords were not compromised. The company insists there is no evidence that stolen data has been widely shared.

Recent UK government data indicates that one in five businesses has fallen victim to cybercrime within the past year. Other British retailers, including Harrods and Co-op, have also faced cyberattacks in recent months.