Marks & Spencer said it will require £300 million in profit this year due to harmful cyberattacks.
Its CEO Stuart Machin confirmed that the “threatening actors” gained access to retailer systems through one of the M&S contractors, using “social engineering” technology (e.g., staff who acted as staff members who deceived the helpdesk) that does not attribute to weaknesses in the IT system.
“They used a lot of sophisticated technology,” he said, adding that the invasion was soon discovered over the Easter weekend and that the business had plans ready after the attack last year.
M&S's potential profit grew 22% to £876 million in the year ended March 30, and its potential profit grew 22% to £876 million, with more details.
The company said the bank had more than £400 million in net funds, so it was "in our best financial position in 30 years" before the hack. It said its aim is to reduce the financial impact of the attack to about £150 million through insurance, cost reduction and other actions.
Machin said he hopes the business will "recover" from the disruption, and his website is expected to reopen "within weeks" and may start selling in all product categories by July. “If anything, this event allows us to accelerate the pace of change as we mark and move forward,” he said.
He sees concerns about shoppers’ confidence in the business being hit, saying retailers are “very transparent” about the issue and sending the message quickly.
M&S’s food is selling well now, but the store’s clothing and household goods sales are “softer than we want” because the site’s closure is disrupted.
He admitted that £300 million - about two-thirds of the credit to the sale of clothing - according to analysts - "does sound like a big number" but describing it as "one-off" is not important to the entire business.
There are no plans to offset costs by layoffs or reducing plans to renovate or open stores, with nine new food stores and two full-line media plans this year, Machin said.
The business is making IT investments and will be working on two years of renewal systems within six months, partly helping with forced closures of its website and online distribution centers, making it easier to bring new technology.
Analysts say they expect profit forecasts to drop at least 10% this year.
The UK's largest clothing retailer also sells food and household items, and has been working to recover for a month since the Easter weekend attack on its IT system. The attack forced M&S to stop orders through its website, sell fashion, household goods and gifts through it, while delivering food and fashion to stores, and delivering some delivery to its online food partner Ocado.
M&S acknowledged that some personal information related to thousands of customers was obtained during the cyber attack, including names, addresses, dates of birth and order history.
Machin thanks customers and employees for their support. He said the business is now “focused on recovery with the goal of exiting the business that is stronger”. "We completed the new fiscal year, we started the new fiscal year, and sales of both businesses grew ahead of schedule," he said.
These figures indicate that network failure interrupts M&S’s strong trading period. Overall sales rose 6% to £13.9 billion as of March 30. Food sales rose nearly 9% to £9 billion, while fashion and household goods rose 3.5% to £4.2 billion.
The company hasn't seen much of the number of sales drop since the attack.
After including one-time costs (such as £248.5 million), its Ocado retail joint venture, and the cost of closing and renovating stores, was £84 million, with the company's pre-tax profit falling 24 per cent to £511.8 million.
The attack was attributed to the collectively dispersed spiders of hackers, and a few days ago there were cyber attacks similar to the co-op and the Harolds.