Clients have been unable to order merchandise from M&S on-line for 3 weeks.
The information comes after an announcement final week that some prospects’ private information had been accessed within the current assault on the corporate.
The retailer admitted that “private buyer information” had been stolen by the gang behind the assault. Nonetheless, the corporate stated this didn’t embody “useable fee or card particulars” or passwords.
However M&S stated that for “additional peace of thoughts” prospects shall be prompted to vary their passwords subsequent time they log in to their on-line accounts.
Here’s what we know so far about the M&S cyber attack.
What happened in the M&S cyber attack?
Marks & Spencer first revealed the cyber attack on Monday, April 21, after customers reported payment issues and delays receiving online orders.
In an email to shoppers, M&S chief executive Stuart Machin wrote: “Over the last few days, M&S has been managing a cyber incident. To protect you and the business, it was necessary to temporarily make some small changes to our store operations, and I am sincerely sorry if you experienced any inconvenience.
“Importantly, our stores remain open, and our website and app are operating as normal. There is no need for you to take any action at this time, and if the situation changes, we will let you know.”
Availability of some food and drink products was affected by the cyber attack (Jonathan Brady/PA)
PA Wire
“This is a pretty bad episode of ransomware,” he stated.
“It’s a extremely disruptive occasion and a really tough one for them to take care of.”
“I might recommend there’s a excessive stage of confidence this can be a ransomware-style occasion,” Dan Card, cyber professional at BCS, the chartered institute for IT, instructed the BBC.
“I describe these as like a digital bomb has gone off. So recovering from them is usually each technically and logistically difficult… the sufferer organisation is probably going going to be working across the clock to reply and recuperate.”
Ransomware is a kind of malicious software program that locks or encrypts a sufferer’s information and calls for fee, normally in cryptocurrency, to revive entry.
Who was behind the M&S cyber assault?
It stated the group was suspected of breaching M&S programs as early as February 2025, allegedly stealing the Home windows area’s NTDS.dit file—a delicate database containing person credentials. They’re additionally believed to have used ransomware to encrypt elements of M&S’s infrastructure.
Additionally referred to as UNC3944, Octo Tempest or Muddled Libra, Scattered Spider is reportedly recognized for using superior social engineering techniques, together with phishing and multi-factor authentication (MFA) fatigue assaults, to infiltrate giant organisations.
Phishing tips customers into revealing delicate info, whereas MFA fatigue includes bombarding customers with repeated login requests in hopes they’ll approve one out of frustration or confusion.
The incident comes within the wake of a lot of UK retailers, together with Marks and Spencer and Co-op, being hit by hackers (PA)
PA Archive
“Scattered Spider is likely one of the most harmful and energetic hacking teams we’re monitoring,” Graeme Stewart, the top of public sector at safety firm Examine Level, told Sky News.
“Since they first appeared in 2022, they have been linked to more than 100 targeted attacks across industries such as telecoms, finance, retail and gaming.”
BleepingComputer reported that DragonForce ransomware was deployed to VMware ESXi hosts on April 24 to encrypt digital machines. The group reportedly gained entry to M&S programs and remained undetected for weeks.
Scattered Spider reportedly contains younger hackers, some as younger as 16, who frequent hacker boards, Telegram channels, and Discord servers. Some members are additionally believed to be linked to the “Com”, a loosely affiliated group recognized for cyber and real-world legal exercise that has drawn media attention.
What impact has the cyber attack had on M&S?
“Since the incident, food sales have been impacted by reduced availability, although this is already improving,” M&S said.
“We have also incurred additional waste and logistics costs, due to the need to operate manual processes, impacting profit in the first quarter.
“In Fashion, Home & Beauty, online sales and trading profit have been heavily impacted by the necessary decision to pause online shopping, however stores have remained resilient.”
M&S estimates that it’s going to lose roughly £300 million because of the cyber assault.
“As a workforce, we’ve got labored across the clock with suppliers and companions to comprise the incident and stabilise operations, taking proactive measures to minimise the disruption for purchasers,” the retailer stated.
“We’re centered on restoration, restoring our programs, operations and buyer proposition over the remainder of the primary half, with the intention of exiting this era a a lot stronger enterprise.”
Nayna McIntosh, a former M&S govt and founding father of Hope Trend, stated the choice to halt on-line orders was corresponding to “chopping off a limb.”
Susannah Streeter, head of cash and markets at Hargreaves Lansdown, stated the pause on on-line orders shall be “massively damaging for gross sales”.
“Trend gross sales are prone to take an enormous hit significantly because the assault has come throughout the spell of warm weather when summer season ranges would ordinarily be piling up in digital baskets,” she added. “Whereas different retailers haven’t been resistant to IT breaches, the depth of Marks and Spencer’s issues in resolving the difficulty are worrying, and it could take a while to win again some warier buyers.”
Shares fell 2.2 per cent to 377.3p on the finish of April, with greater than £700 million wiped from the corporate’s market worth for the reason that cyber assault.
When will I have the ability to order on-line from M&S once more?
It isn’t but recognized precisely when M&S will have the ability to take on-line orders once more.
Nonetheless, the corporate revealed that it expects disruption up till late July.
“We count on on-line disruption to proceed all through June and into July as we restart, then ramp up operations,” M&S stated.
