LONDON, May 21 — British clothes-to-food retailer Marks and Spencer (M&S) today said a cyberattack affecting its online service is set to last through to July and cost the group £300 million (RM1.8 billion).

M&S last week revealed that some personal data of its customers had been stolen in a cyberattack that has crippled its online services for weeks.

"In Fashion, Home & Beauty, online sales and trading profit have been heavily impacted by the necessary decision to pause online shopping, however stores have remained resilient,” M&S said in a statement.

"We expect online disruption to continue throughout June and into July as we restart, then ramp up operations.”

The impact on annual group operating profit is estimated at "around £300 million... which will be reduced through management of costs, insurance and other trading actions”, the retailer added.

The news came as M&S today reported operating profit before adjusting items of £985 million for its financial year to the end of March.

Following the update, its share price dropped 2.5 percent at the start of trading in London.

Group operations have since Easter been hampered by a ransomware sting which forced the retailer to suspend online sales, contactless payments instore and even recruiting operations.

M&S said information stolen could include names, dates of birth, home addresses and telephone number. However, it did not include "useable payment or card details”, nor account passwords.

The company reported the incident to relevant government authorities and law enforcement.

A wave of cyberattacks have hit British retailers in recent weeks, including luxury department store Harrods and the Co-op food chain. — AFP