Marks & Spencer has begun to reinstate its online ordering services following a significant cyber attack in April that disrupted operations and led to substantial financial losses. Shoppers can now purchase a selection of fashion items, with homeware and beauty products, along with full delivery services, expected to follow in the coming weeks.
M&S Online Returns After Cyber Attack
Marks & Spencer has announced the phased return of its online shopping services after a cyber attack over the Easter weekend forced the retailer to halt web purchases. Initially, the attack impacted click and collect services and contactless payments, before escalating to a full suspension of online orders. The company had previously warned that disruptions could continue until July.
John Lyttle, managing director of fashion, home, and beauty at M&S, confirmed that a selection of best-selling fashion ranges are now available for home delivery across England, Scotland, and Wales. Beauty and homeware items are expected to become available in the coming days, with delivery to Northern Ireland and click and collect services resuming in the coming weeks.
Customer Experience and Remaining Challenges
While the return of online ordering marks a crucial step towards normalisation, some customers have expressed concerns about the limited availability of products. One customer noted a "very, very thin selection in menswear," with many desired items out of stock. Another customer, who discovered the service had resumed by chance, questioned why delivery charges were not waived as an acknowledgement of the inconvenience caused.
Financial Impact and Data Breach
The cyber attack is projected to cost M&S approximately £300 million in lost profits this year, a sum only partially covered by insurance. The incident also resulted in the theft of some personal customer data, including telephone numbers, home addresses, and dates of birth. M&S has assured customers that no usable payment details, card information, or account passwords were compromised.
Hacker Demands and Ransomware Group
It has been revealed that the hacker group, identified as DragonForce, sent an abuse-filled email directly to M&S chief executive Stuart Machin on 23 April, gloating about the attack and demanding payment. The email, sent from an employee account, confirmed that M&S was targeted by a ransomware group, a detail the retailer had previously declined to acknowledge. Mr Machin has not disclosed whether a ransom was paid.
