**Marks & Spencer Reopens Online Fashion Orders After Six-Week Hiatus Following Cyber-Attack**
Marks & Spencer (M&S) has this week confirmed the gradual restoration of its online fashion shopping service, six weeks after a significant cyber-attack forced the British retailer to suspend digital orders and implement widespread business disruptions. The announcement comes as a relief to customers eager to resume online purchases and is the clearest indication yet that the company is regaining control after the incident.
The cyber-attack, which first emerged as an “incident” on 22 April, affected not only the retailer’s website but also several in-store services. Over the busy Easter weekend, M&S faced considerable operational difficulties: contactless payments were rendered inoperable, customers could not use gift cards, and regular loyalty card scans were temporarily suspended. Some shop shelves were left bare as the company scrambled to manage supply chains and introduced manual workarounds in the wake of the digital breach.
By 25 April, M&S officially paused all online orders to prioritise the safety and security of customer data and operations. It wasn’t until Tuesday, 10 June that the retailer announced partial resumption of its home delivery service. Shoppers in England, Scotland, and Wales are now able to choose from a select range of popular fashion items and new season products online, with the company promising that more lines will be reintroduced in the coming days.
John Lyttle, M&S’s managing director of clothing, home, and beauty, addressed consumers via social media to thank them for their continued patience and loyalty throughout the ordeal. He indicated that the retailer is working hard to add more items and expects both deliveries to Northern Ireland and the Click & Collect service to resume in the forthcoming weeks. Lyttle’s assurance to customers highlights the company’s commitment to rebuilding trust and restoring its full offering as soon as possible.
Despite these advancements, the long-term financial impact of the attack has been considerable. In a recent communication to investors, Stuart Machin, the group’s chief executive, cautioned that M&S may face a hit to trading profits of up to £300 million as a direct consequence of the cyber incident. While the retailer hasn’t confirmed the specific group behind the breach, it is widely believed M&S was one of several high-profile targets of ‘Scattered Spider’ – a cybercriminal collective also linked to attacks at Co-op and Harrods during the same period.
M&S provided an update on 13 May acknowledging that some customer information was indeed compromised. Potentially exposed data could include names, dates of birth, phone numbers, home addresses, email addresses, household details and records of past online purchases. Crucially, the company reassured the public that payment data remains secure; full card details are never stored on its systems, making any intercepted card information unusable to attackers.
In the aftermath, Machin attributed the success of the breach to “human error”, emphasising that it was not a result of under-investment in cyber security infrastructure. The chief executive declined to comment on whether a ransom had been paid, but indicated that attackers likely gained access by way of a third-party supplier connected to M&S’s IT environment – a risk factor faced by many large modern businesses.
Throughout the difficult period, all 565 M&S stores nationwide continued to trade as normal. Although contactless payments and electronic transactions were disrupted, the swift adoption of manual processes limited further damage and allowed essential operations to continue. Some inventory gaps were reported, but the retailer quickly adapted its procedures to mitigate inconvenience to customers.
The ordeal serves as a stark reminder of the increasing prevalence and sophistication of cyber-attacks targeting major high street names. M&S’s swift response, transparent communication, and return to service will now be closely scrutinised as the retailer steps up efforts to regain customer confidence and recover lost ground in a highly competitive market. As business gradually resumes normality, the incident underscores the vital importance of robust cyber defences and strong relationships with technology partners.
For now, M&S shoppers can once again enjoy a growing selection of the retailer’s fashion, homeware, and beauty ranges online, with further improvements and service expansion expected in the weeks ahead.