London, United Kingdom — Marks & Spencer (M&S) has resumed its click and collect service for clothing and home items, nearly 15 weeks after suspending the offering due to a significant cyberattack.
The retailer halted all online orders and in-store collection services on April 25 as the attack disrupted its operations. Online ordering partially resumed on June 10, and the company has now confirmed that customers can once again collect purchases in stores. Additionally, customers can return online orders at any M&S location.
The cyberattack compromised some customer data, prompting M&S to advise shoppers to remain vigilant against fraudulent emails, calls, or messages posing as communications from the retailer.
Beyond affecting online sales, the breach also impacted in-store availability, with reports of empty shelves in the immediate aftermath. The retailer estimates the incident will reduce profits by approximately £300 million for the current fiscal year, though it anticipates some recovery through insurance coverage.
M&S Chief Executive Stuart Machin had told investors in July that the company expected to move past the worst effects of the attack by August.
While the retailer has not publicly identified the perpetrators, it confirmed the incident was a ransomware attack. The UK’s National Crime Agency (NCA) named the cybercriminal group Scattered Spider as a key focus in their ongoing investigation.
In July, four individuals connected to cyberattacks on M&S and the Co-op were arrested and later released on bail pending further inquiries.
Leave a comment