Yahoo Finance

Marks & Spencer has said a damaging cyber attack caused by “human error” will cost the company around £300 million.

The high street retail giant said disruption to online shopping could continue into July but it hopes to have this partly restored “within weeks”.

M&S halted orders on its website and saw empty shelves after being targeted by hackers around the Easter weekend.

Customer personal data, which could have included names, email addresses, postal addresses and dates of birth, was also taken by hackers in the attack.

Chief executive Stuart Machin told reporters that hackers gained access to the company’s IT systems through a third party after “human error”.

The boss said he has been in touch with other industry bosses to discuss hacks, with rivals the Co-op and Harrods also targeted with cyber attacks in recent weeks.

He added: “We didn’t leave the door open, this wasn’t anything to do with under-investment.

“Everyone is vulnerable. For us, we were unlucky on this particular day through some human error.”

The retailer revealed on Wednesday morning that online sales and profits in its fashion, home and beauty business have been “heavily impacted”.

Disruption to online operations is set “to continue throughout June and into July as we restart, then ramp up operations”, it said.

However, it indicated that shoppers will see improvements over the coming weeks.

Mr Machin suggested around 85% of its online operations are likely to be restored soon, as the company focuses on certain parts of its operations first.

He added that clothing and home sales have been “resilient” in stores in recent weeks.

Meanwhile, food sales were affected by reduced availability but the business stressed this is “already improving”.

The group has also reported “additional waste and logistics costs” after switching to manual processes following the attack.

M&S said the incident is likely to drag its group operating profits down by around £300 million this year, but it expects this to be reduced through cost management, insurance and other reactions.

The company suggested it could reduce the impact of the attack by as much as “half”.

Mr Machin said: “It has been challenging, but it is a moment in time, and we are now focused on recovery, with the aim of exiting this period a much stronger business.

“There is no change to our strategy and our longer-term plans to reshape M&S for growth and, if anything, the incident allows us to accelerate the pace of change as we draw a line and move on.

“This incident is a bump in the road, and we will come out of this in better shape, and continue our plan to reshape M&S for customers, colleagues and shareholders.”