Key Points:
- Marks & Spencer has restored online ordering for clothing in England, Scotland, and Wales after a nearly seven-week outage caused by a cyber attack.
- The breach is expected to reduce profits by around £300 million this fiscal year, though insurance and cost-saving measures may offset half the loss.
- While security has been strengthened, both customers and analysts stress that full services—including homeware, Northern Ireland delivery, and click‑and‑collect—will resume gradually.
Retail giant Marks & Spencer (M&S) has restarted online shopping for its fashion ranges in Great Britain following a prolonged suspension triggered by a cyber attack over the Easter weekend. The resumption covers standard home delivery in England, Scotland, and Wales, while additional services—including homeware, beauty, and fulfillment in Northern Ireland—will follow in the coming weeks.
The attack, believed to have begun around April 22 and executed via a phishing breach at a third-party supplier, halted online orders for clothing and homeware on April 25. It also disrupted contactless payments and click-and-collect services during a crucial holiday period. The ensuing disruption plummeted some food availability on store shelves and forced M&S to revert to manual operations in its supply chain.
John Lyttle, M&S Managing Director for fashion, home, and beauty, described the return to online services as a “key milestone,” noting that the company initially focused on restocking its best-selling and new fashion items. “We’ll be bringing product online every day so customers will see that grow,” he said.
Partial Comeback Boosts Market Confidence
Shares in the 141-year-old retailer responded positively to the relaunch, climbing roughly 3–4 percent, as investors welcomed the return of digital revenues. However, analysts caution that the company’s recovery remains fragile. With the cyber attack expected to cost approximately £300 million in operating profit—half of which may be offset by insurance and cost reductions—M&S described the financial hit as “significant but manageable.”
Despite the restoration of core services, full online capability is unlikely before July, with international delivery, click-and-collect fulfillment, and expanded homeware and beauty lines still pending.
Other Top Headlines:
- Apple Shows Off New ‘Liquid Glass’ Design for Its Devices
- Cybersecurity Analyst
- Is cybersecurity certification worth it?
Strengthened Security and Customer Trust
Reports indicate that the breach stemmed from “social engineering” targeting a supplier’s workforce, which allowed hackers to infiltrate M&S’s systems. In response, the retailer has implemented enhanced cybersecurity measures and expedited a planned upgrade of its IT infrastructure.
An M&S spokesperson assured customers that “security measures have been strengthened to prevent further breaches,” although few technical specifics were disclosed. Meanwhile, CEO Stuart Machin described the incident as a “setback” but emphasized that the experience would accelerate the company’s IT transformation, with some updates fast-tracked to complete within eighteen months rather than years.
Analysts, including those from the Financial Times, suggest that while the attack may dent M&S’s reputation in the short term, its established brand loyalty, improving food and fashion performance, and transparent crisis response could mitigate long-term damage. Yet, competition from other retailers during M&S’s outage emphasized the need for swift and secure digital recovery.