Marks & Spencer has announced that a significant cyber attack on its online systems will continue to disrupt digital services until at least July 2025, with potential financial losses reaching £300 million.

The British high street giant also warned that the aftermath of the incident could seriously affect its operations and revenue in the weeks ahead.

“In Fashion, Home & Beauty, online sales and trading profit have been heavily impacted by the necessary decision to pause online shopping, however stores have remained resilient,” the firm said in a statement, quoted by AFP.

Last week, the company disclosed that the cyber attack compromised the personal data of some customers.

They also stated they expect “online disruptions to persist through June and into July as we restart and gradually increase operations.”

The ransomware attack, which began around Easter, caused M&S to suspend online sales, contactless payments in stores, and its recruitment systems.

The retailer confirmed that the stolen data may include names, birthdates, home addresses, and phone numbers but reassured customers that no “usable” payment details, card information, or account passwords were compromised.

Despite the difficulties, Marks and Spencer posted an operating profit before adjusting items of £985 million for the financial year ending in March. However, the company estimated the cyberattack would reduce full-year operating profit by approximately £300 million, with this impact partly offset by cost control, insurance claims, and other commercial actions.

Following the announcement, the company’s shares fell 2.5% in early trading.

Marks and Spencer is among several British retailers recently targeted by cybercriminals.