M&S cyberattack to reduce profits by £300m

21/05/2025 | Financial Times

Marks & Spencer (M&S) has confirmed that it anticipates a £300 million reduction in operating profits this year due to a cyberattack, which the company attributed to "human error" rather than vulnerabilities in its IT systems or cyber defences. M&S also warned that the disruption to its online operations is expected to persist until July. 

Reporting its latest annual results, M&S said it intends to mitigate the profit impact of the attack through "management of costs, insurance, and other trading actions."

The company's Chief Executive, Stuart Machin, declined to confirm whether a ransom was paid. However, a related FT article (£) highlights that Machin stands to lose up to £1.06 million through a combination of his performance share plan and deferred bonus as a result of the attack.

Meanwhile, BBC News reports that the National Crime Agency (NCA) has said that the hacker community Scattered Spider is a target of a criminal investigation into several recent cyberattacks against UK retailers. Paul Foster, head of the NCA's national cyber-crime unit, told a BBC documentary: "We are looking at the group that is publicly known as Scattered Spider, but we've got a range of different hypotheses and we'll follow the evidence to get to the offenders.

"In light of all the damage that we're seeing, catching whoever is behind these attacks is our top priority."

£ - The Financial Times article requires a subscription.

A version of the FT article is available without subscription in The Guardian.
