M&S reopens website weeks after cyber attack as it issues update
Marks & Spencer has resumed online orders – six weeks after it was rocked by a devastating cyber attack.
A message on the retailer’s website says customers can “now place online orders with standard delivery to England, Scotland and Wales”. Deliveries to Northern Ireland will resume “in the coming weeks”. It will also take a number of weeks before click and collect, next day deliveries and overseas orders are resumed, it added.
The reopening of its website for orders marks what bosses will be desperately hoping is a gradual return to normal.
M&S has been left reeling by the cyber attack, which has seen its online clothing, homewares and beauty sales suspended for more than six weeks. The retailer has already estimated it could wipe £300million off its annual profits.
It came after cyber crooks launched an attack on which they stole personal customer data and demanded a ransom before they would release it.
Online has become increasingly important to M&S – as for other retailers – and had more than 10 million “active” customers and over £1.3billion a year of sales.
John Lyttle, managing director of fashion, home and beauty, said in a message to customers: “We are bringing back online shopping this week.
“A selection of our best selling fashion ranges will be available for home delivery in England, Scotland and Wales. More of our fashion, home, and beauty products will be added every day and we will resume deliveries to Northern Ireland and click and collect in the coming weeks. Thank you sincerely for your support and for shopping with us.”
M&S chief executive Stuart Machin , speaking last month, called the attack “the most challenging situation we have encountered”. Prior to the incident, M&S had been recovering after years of failed turnarounds.
Last month’s results also showed annual profits – before the attack emerged – jumped by more than a fifth to £875.5million, its highest in over 15 years.
Mr Machin revealed “human error” from outside the firm allowed hackers to breach its security. He declined to go into detail, but said it involved a “third party”. He added: “This incident is a bump in the road, and we will come out of this in better shape,.”
M&S’s online clothing sales have been paralysed since April 25. A message on its website previously read: “As part of our proactive management of a cyber incident, we have made the decision to pause taking orders via our M&S.com websites, apps and over the phone.”
Days earlier – on April 22 – the company revealed it had suspended contactless payments in store because of a “cyber incident”. They resumed soon after.
The saga has also hammered M&S’s reputation – and share price – just as it was recovering after many years of failed overhauls. More than £1billion has been wiped off its stock market value since the attack was first revealed. Its shares were up more than 2% in early trading on Tuesday, after online orders restarted.
M&S is among a wave of companies struck by ransomware – a form of malicious software designed to burrow into companies’ systems, steal commercially sensitive information, which is then locked, with crooks demanding their victims pay money before handing them the key.
The Co-op and Harrods have also been hit recently.
Get our money-saving tips and top offers direct to your inbox with the Mirror Money newsletter