A cyberattack has caused losses of up to 300 million pounds to the British chain Marks & Spencer.

Marks & Spencer has announced a £300 million loss following a cyberattack that halted online sales, with services not expected to be fully restored until July. The British retailer became aware of the breach when it detected suspicious activity over the Easter weekend of April 19 and 20.

Hackers broke into its systems by tricking employees of the security contractor responsible for Marks & Spencer. Stuart Machin, M&S's chief executive, provided the first details since the breach was revealed on April 22: all companies are vulnerable, and M&S has strengthened its defenses by tripling its technology spending in the last three years.

M&S has an IT contract with Tata Consulting Services. "Unable to break into our systems by breaching our digital defenses, the attackers attempted another route, using social engineering and gaining access through a third party rather than a system weakness. Once they gained access, they used highly sophisticated techniques as part of the attack," they explained.

The time elapsed between the hackers' access and detection was "brief." Experts told the company that the average was 10 days, and in some cases, several months. The British National Crime Agency told the BBC that the investigation into the attack was focusing on a group of young, English-speaking hackers.

M&S, which has a turnover of nearly 14 billion pounds ($19 billion) a year, immediately called in experts, partners, and authorities, Machin explained. Some 600 systems have been analyzed for damage.