Marks and Spencer Online Orders Resume Six Weeks After Cyber Attack

Marks & Spencer has reopened its online ordering service, six weeks after a cyber-attack forced the company to halt online sales. The retailer has confirmed that customers in England, Scotland, and Wales can now place standard delivery orders, with services in Northern Ireland expected to resume in the coming weeks. Additional offerings such as click and collect, next-day delivery, and international orders are set to become available soon.

In a public statement, M&S managing director John Lyttle revealed that a select range of best-selling fashion products are currently available for home delivery, with more items from the company’s fashion, home, and beauty collections being added steadily. Shares in the company rose by 4%, placing it among the top performers on the FTSE 100. However, losses incurred during the suspension of services are estimated at £25m per week, totalling approximately £300m in lost profits for the year. Of that, it is anticipated that around half will be recovered through insurance and other measures.

The cyber-attack, allegedly perpetrated by a hacking collective known as Scattered Spider, disrupted operations over the Easter weekend. As part of the breach, some customer data, including names, addresses, dates of birth, and order histories, was accessed by the attackers. While M&S stores remained open for in-person shopping during the disruption, stock shortages in food and clothing were reported, compounding the financial impact. The company has admitted that the attack hindered its ability to fully benefit from increased consumer spending during a period of warm spring weather.

M&S chief executive Stuart Machin described the experience of learning about the attack as shocking but emphasised the importance of maintaining a calm and composed reaction. Machin stressed his commitment to accelerating digital transformation efforts across the company. A planned overhaul of the company’s IT systems, which was originally projected to take three years, is now expected to be completed within 18 months. The attack has heightened awareness of vulnerabilities in digital infrastructure and reinforced the need for preventive measures.

Other prominent brands, including Adidas, Co-op, and Harrods, have also faced similar cyber-attacks, underscoring a growing threat to the retail sector. M&S is focused on recovering quickly and mitigating further risks, with Machin expressing optimism about the company’s ability to return to stability and growth in the near future.

The incident serves as a reminder of the critical importance of robust cybersecurity measures for businesses operating in an increasingly digital marketplace. Despite the setback, M&S aims to move forward with resilience and renewed focus on safeguarding operations.