M&S reveals real cost of cyber attack that left supermarket giant's shelves empty

Marks & Spencer has revealed how much it expects the cyber attack that hit the department store earlier this year to cost. Shelves at several M&S stores were left empty following the attack, which the supermarket giant believes may cost it roughly £136million.

The retail giant's profits tumbled 55.4% to £184.1 million in the six months to September 27. The major cyber attack forced online home and fashion sales to plunge by more than 40% when it was forced to halt website orders. M&S say they were able to recover £100 million in its first half through an insurance payout for the hack.

The total impact is lower than than the £300 million cost estimate given by M&S in May. As the cyber attack wrecked havoc the group said sales online were down 42.9% and 3.4% lower across its stores.

Stuart Machin, chief executive of M&S, said the retailer is only "now getting back on track". He added: "The first half of this year was an extraordinary moment in time for M&S.

"However, the underlying strength of our business and robust financial foundations gave us the resilience to face into the challenge and deal with it."

Mr Machin said the group also faced cost increases of more than £50 million from the national insurance hike in April over its first half, but that he expects profits to be "at least in line with last year" in the final six months of its financial year as it ramps up its cost-cutting target to £600 million.

The high street stalwart stopped all online sales for around six weeks while the return of M&S' click-and-collect took longer. The service allows customers to make purchases online and then pick then up in-store the next day.

It relies on incorporating the retailer's online ordering platforms, payment systems, inventory management, and in-store logistics.

Customer personal data - which could have included names, email addresses, postal addresses and dates of birth - was also taken by hackers.

The stolen information did not include payment or card details, or account passwords, according to M&S. The 141-year old retailer said hackers broke into systems by tricking employees at a third-party contractor.

In May, Mr Machin said the attack, which was caused by "human error", was expected to cost the company around £300 million, before insurance claims or cost reductions to offset the impact.