**Marks & Spencer Grapples with Prolonged Cyber Attack Disruption, Website Down Overnight**
Marks & Spencer (M&S), one of the UK’s best-known high street retailers, continues to contend with the fallout of a significant cyber attack, as customers faced fresh challenges this week. The retailer’s website was inaccessible overnight, compounding ongoing difficulties that began nearly a month ago.
Customers attempting to access the M&S website during the night were greeted with a holding message indicating that the site was undergoing updates and temporarily unavailable for browsing. The online platform was restored in the early hours of Thursday, 22 May, but remained restricted to browsing only, with the ability to make online purchases still suspended.
This follows a protracted period of disruption for M&S’s digital operations. Since 25 April, shoppers have been unable to complete online orders, though the company has kept the website open for browsing and product discovery. The original cyber incident came to light on 22 April, with the company declaring the attack shortly thereafter.
A spokesperson for the retail chain explained that overnight maintenance was part of ongoing recovery efforts to restore normal service. “Our website is open for browsing. As we work to get things back to normal for our customers, we are doing some overnight updates,” the company said.
The impact of the attack has been severe for the retailer, which is now facing consequences not only for its reputation but also its finances. Stuart Machin, M&S’s chief executive, estimated a trading profit loss of up to £300 million as a direct result of the persistent outage. In a statement, Machin expressed gratitude for the patience and loyalty shown by customers and reassured stakeholders that efforts to resolve the issues were ongoing.
Machin acknowledged the significant disruption, particularly for the company’s fashion, homeware and beauty online sales, which have been “heavily impacted.” Meanwhile, food sales also suffered from diminished product availability, although the company affirmed that supply was gradually returning to normal.
The company has warned both customers and investors that online sales could be affected until at least July. However, there is cautious optimism that online ordering capabilities could resume sooner, with the chief executive indicating that the company is preparing to restart orders “within a matter of weeks.”
Security experts believe that the cyber attack was likely orchestrated by a group known as Scattered Spider, which has been linked to similar high-profile hacks targeting Co-op and Harrods during the same period. On 13 May, M&S confirmed that customer data had been accessed during the breach. The compromised information may include names, dates of birth, phone numbers, physical addresses, email addresses, household information and order histories. The company assured customers that no full card payment details had been stored on their systems and thus could not be exploited.
Addressing the causes of the attack, Machin cited human error but declined to comment on whether M&S had paid a ransom to the perpetrators. Reports suggest that hackers exploited vulnerabilities stemming from a third-party supplier with access to M&S systems, a growing risk in increasingly interconnected commercial infrastructure.
Robert Cottrill, technology director at digital consultancy ANS, emphasised the importance of taking a measured approach to recovery. He stated, “The scale and complexity of M&S’s operations, paired with the need to restore critical systems and data securely, necessitates a thorough and meticulous process. Ensuring a robust recovery and preventing future incidents must be the priority, even if it prolongs disruption.”
As M&S works through this challenging period, industry observers highlight the broader need for retailers to review cyber security measures in an era of mounting digital threats. Customers are being urged to remain vigilant for any suspicious activity related to their accounts and to maintain regular monitoring of personal data. The situation underscores both the opportunities and vulnerabilities inherent in digital retail and serves as a timely reminder for organisations to continually strengthen their cyber defences.