
Market Capitalization Decline (Yahoo! Finance)
Marks & Spencer has encountered a significant disruption to its IT systems, an issue that has persisted for nearly a week and wrought serious consequences for the business. Analysts estimate that the incident has resulted in a £678 million (approximately $940 million) decline in the retailer’s market capitalization. Since April 22, shares of the FTSE 100-listed company have fallen by roughly 7%.
The disruption has primarily impacted online sales of clothing and home goods, a segment that generated £1.27 billion last year — equating to about £3.5 million in daily revenue. As of April 25, the company halted order processing on its online platform, and 200 temporary staff at the Leicestershire distribution centre were sent home. Contactless payment systems in several stores ceased functioning, and the click-and-collect service was suspended. Additionally, certain return counters are no longer accepting items for refund.
The company has acknowledged that it is currently unable to provide a timeline for restoring normal operations. Some customers have already received notifications regarding delivery delays, while support services admit they are “uncertain when the service will be operational again.” Nevertheless, company officials have stated there is no evidence to suggest that customer data has been compromised.
Among industry experts, the incident has raised suspicions of a classic ransomware-style attack. According to legal expert Andrew Northage, symptoms such as halted operations and the inability to process orders suggest extortion may be involved. He noted that the company is likely still attempting to discern the attackers’ motivations — whether financial ransom or a bid for publicity.
The crisis threatens to derail an ambitious corporate revival under the leadership of CEO Stuart Machin. Last year, M&S reported pre-tax profits of £716 million, with results for the current fiscal year due to be announced on May 21. Analysts now fear that competitors such as Next or John Lewis may temporarily seize market share.
The retailer has reported the breach to the UK’s Information Commissioner’s Office (ICO), as mandated by law, and is cooperating with the National Cyber Security Centre. Under current regulations, companies are required to notify the ICO of any potential data breach within 72 hours of discovery.
For now, M&S executives have declined further comment, leaving the true extent of the attack’s impact on the brand’s corporate reputation unclear. Nonetheless, analysts believe the short-term setbacks are unlikely to inflict lasting damage — provided the cyber incident does not escalate into a major data leak.