Marks & Spencer has been forced to pause online orders while the retailer deals with a cyberattack that has seen the high street giant’s stock market value drop by £500m
Marks & Spencer has faced the week from hell as a sophisticated cyberattack continues to wreak havoc on the high street giant.
Initially, customers reported problems with using contactless card payments and the Click and Collect service, and then on Friday last week, the retailer paused orders through its website and app. In a new update on Tuesday, April 30, M&S confirmed that some of its stores faced “limited availability” on products.
M&S has not confirmed how widespread the issue is, only noting that there were “pockets of limited availability in some stores”.
A M&S spokesperson said: “As part of our proactive management of the incident, we took a decision to take some of our systems temporarily offline. As a result, we currently have pockets of limited availability in some stores. We are working hard to get availability back to normal across the estate.”
READ MORE: M&S cyber attack that has crippled sales is ‘linked to gang of teenage hackers’
Empty shelves
Some Marks & Spencer stores have been left with empty shelves as the high street chain continues to be disrupted.
In one shop, signs were displayed on hot food counters saying they were “temporarily closed.” It said: “Due to technical issues, we aren’t able to offer these products at the moment. We’re working hard to resolve the problem and will have these items back in stock as quickly as possible.”
Shelf stock is expected to return to normal within a few days. According to a report by The Grocer Magazine, M&S staff are now also actively having to check the chillers in its stores over fears defrost alarms have been compromised. The retailer’s decision to take systems offline has also disrupted M&S’s donations of surplus food from stores to charities.
Alongside this, M&S is also experiencing issues with a “small proportion” of products it supplies to Ocado, which delivers M&S online orders and is part-owned by the retailer. M&S did not confirm the number of items affected but said it had worked with Ocado and its suppliers “to minimise any disruption to the small proportion of the range delivered through our network to Ocado.”
Online orders paused
For the meantime, Marks & Spencer has temporarily paused online orders. A message on the M&S website says: “As part of our proactive management of a cyber incident, we have made the decision to pause taking orders via our M&S.com websites, apps and over the phone. Our product range remains available to browse online. We are truly sorry for this inconvenience. Our stores are open to welcome customers.
“We have informed customers that there is no need for them to take any action. That remains the case, and if the situation changes we will let them know. Our experienced team – supported by leading cyber experts – is working extremely hard to restart online and app shopping. We are incredibly grateful to our customers, colleagues and partners for their understanding and support.”
Profit loss
The cyber hack has wiped more than £500million off M&S’s stock market value over the last week, and the retailer is reportedly losing around £ 3.8million a day in lost sales for its online clothing and homeware ranges.
According to its latest financial results, one third of M&S’s clothing and household goods sales in the UK are through its online platforms and were worth around £1.2billion.
‘Teen hackers’
A teenage hacking group known as Scattered Spider, reportedly including members as young as 16, has been linked to the attack on the popular high street retailer. The group is believed to be behind the ongoing breach that has disrupted the company’s operations.
M&S has remained tight-lipped about the source of the attack, although it is said to be working with GCHQ’s National Cyber Security Centre as well as an outside firm of experts.
Scattered Spider is believed to be behind the ransomware-style attack – where criminals infiltrate IT systems, lock access using malicious software, and demand payment to unlock the data.
According to tech site BleepingComputer, M&S’s servers were initially breached in February, with the attack escalating on April 24 when the hackers allegedly deployed a tool called DragonForce. While there is no confirmed evidence yet of stolen data being leaked, concerns remain that sensitive information could be exposed on the dark web.
The group, also referred to by Microsoft as “Octo Tempest,” is known for operating on real-time hacking forums and has evolved from financial fraud into corporate extortion. Scattered Spider was previously linked to a high-profile breach of MGM Resorts in 2023, where it accessed systems via the company’s internal IT helpdesk.
Staff told ‘stay at home’
Earlier this week, M&S told hundreds of agency workers to stay at home following the attack.
Sky News reports that the alert was issued to roughly 200 people at the M&S Castle Donington clothing and homewares logistics centre in the East Midlands. M&S did not provide further when contacted by The Mirror.
READ MORE: Teeth whitening powder with ‘amazing results’ less than £18 in bank holiday deal
