Cyber Attack Hits M&S: Retail Giant Fights to Restore Online Services

Marks & Spencer (M&S) is currently grappling with a significant cyber attack that has led to the temporary shutdown of its online operations, as admitted by CEO Stuart Machin. He expressed his apologies for the disruption, emphasizing that the company is “working day and night” to resolve the situation, although no specific timeline for restoring services has been provided.

The issues started over the Easter weekend, prompting M&S to cease online orders through its website and apps. This attack is part of a troubling trend, as other retailers like the Co-op and Harrods have also reported similar incidents. The National Cyber Security Centre (NCSC) has urged all retailers to heighten their vigilance in light of these developments.

Machin conveyed gratitude towards customers for their ongoing support during this turbulent time. The cyber attack is monumental, affecting a substantial share of M&S’s business since approximately one-third of its clothing and home sales occur online, representing nearly £3.8 million in daily transactions. The incident has adversely impacted stock availability in physical stores, leading to noticeable gaps on food shelves. Moreover, disruptions have occurred in loyalty schemes and gift card transactions, pushing customers to consider alternatives from rival retailers.

The timing of these troubles is particularly challenging for M&S, coinciding with warmer weather that usually increases demand for summer clothing. This has already resulted in a near 2% drop in M&S shares, reflecting investor concerns as prices fell by 5% since the incident’s announcement.

Richard Horne, NCSC chief executive, noted that the recent surge of attacks should prompt a serious wake-up call for major retailers, highlighting their vulnerabilities due to their prominence and reliance on digital operating systems for payments, inventory management, and more.

Helen Dickinson, chief executive of the British Retail Consortium, echoed these sentiments, indicating that while the affected businesses have managed to keep their physical stores open, the risks posed by such cyber threats remain significant.