Find out all the latest on the fallout of the cyber attack on M&S
- Emily Mee, Consumer Reporter
M&S has revealed it’s bringing back online shopping after weeks of chaos.
The posh supermarket was forced to suspend its online shopping after it was hit by a massive cyber attack.
1
In a statement today it said shoppers will be able to buy items online again “this week”.
A section on the M&S website says: “You can now place online orders with standard delivery to England, Scotland and Wales.
“Delivery to Northern Ireland will resume in the coming weeks.
“We will resume Click & Collect, next-day delivery, nominated-day delivery and international ordering in the coming weeks.”
Read more on M&S
In a separate statement, the supermarket said a “selection of our best selling fashion ranges will be available for home delivery to England, Scotland and Wales”.
“More of our fashion, beauty and home products will be added every day and we will resume home deliveries to Northern Ireland and Click and Collect in the coming weeks,” it said.
The supermarket added: “Thank you sincerely for your support and for shopping with us.”
The Sun understands the majority of items are now available on the website and it will be fully operational in the coming weeks.
The news comes as M&S has spent weeks grappling with the fallout of the cyber attack.
Up until now it has not been able to confirm when it would bring back online shopping.
All iPhone and Android users must switch on two settings to stop bank-raiding attack – worrying sign means it’s too late
The cyber attack kicked off over Easter weekend and has been one of the worst to hit the high street in years.
M&S was forced to suspend its online orders and it also had major issues with Click and Collect, gift vouchers and its supply chain.
Some stores were stripped of staples like bananas and Colin the Caterpillar cakes, while meal deals were pulled in some branches.
The attack has caused a £300million blow to profits and customer info was also nicked during the breach.
Security experts have blamed notorious cyber gang “Scattered Spider” for the chaos.
Timeline of the attack
- Saturday, April 19: Initial reports emerge on social media of problems with contactless payments and click-and-collect services at M&S stores across the UK. Customers experience difficulties collecting online purchases and returning items due to system issues.
- Monday, April 21: Problems with contactless payments and click-and-collect persist. M&S officially acknowledges the “cyber incident” in a statement to the London Stock Exchange. CEO Stuart Machin apologises for the disruption and confirms “minor, temporary changes” to store operations. M&S notifies the National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) and engages external cybersecurity experts.
- Tuesday, April 22: Disruptions continue. M&S takes further systems offline as part of “proactive management”.
- Wednesday, April 23: Despite earlier claims of customer-facing systems returning to normal, M&S continues to adjust operations to maintain security. Contactless payments are initially restored, but other services, including click-and-collect, remain affected.
- Thursday, April 24: Contactless payments and click-and-collect services are still unavailable. Reports surface suggesting the attackers possibly gained access to data in February.
- Friday, April 25: M&S suspends all online and app orders in the UK and Ireland for clothing and food, although customers can still browse products. This decision leads to a 5% drop in M&S’s share price.
- Monday, April 28: M&S is still unable to process online orders. Around 200 agency workers at the main distribution centre are told to stay home.
- Tuesday, April 29: Information suggests that the hacker group Scattered Spider is likely behind the attack. Shoppers spot empty shelves in selected stores.
- Tuesday, May 13: M&S revealed that some customer information has been stolen.
- Wednesday, May 21: The retailer said disruption from the attack is expected to continue through to July.
M&S recently issued an update for customers with gift vouchers following the attack.
Shoppers had been unable to use their vouchers in the wake of the attack but they appear to be working again now.
However the supermarket told customers they wouldn’t get extensions of the expiry dates on vouchers due to expire.
But in better news for shoppers it confirmed those who missed out on their birthday treat would still be able to get one.
People who use the Sparks loyalty card can get a freebie on their birthday but customers were unable to claim them in May because the system was done.
M&S has said people who were eligible for a birthday treat last month can get them at a later date once the system is fully restored.
Which other retailers have been hit by cyber attacks?
M&S isn’t the only store facing cyber trouble.
Co-op was forced to shut down part of its IT system after facing a hacking attempt last month.
The supermarket said it had “taken proactive steps to keep our systems safe”.
But it was later revealed that the personal data of a “significant number” of its 6.2million customers and former members had been stolen.
This included names, contact information, and dates of birth.
The retailer told customers that passwords, credit card details, and transaction information were not compromised.
Full services resumed on May 14, following the reactivation of its online ordering system.
Read More on The Sun
Luxury retailer Harrods was also another victim of last month’s hacking saga.
It told shoppers there was “restricted internet access” due to the attempted breach, which caused difficulties for some customers trying to make payments.
What is a cyber attack?
A CYBER attack is any deliberate attempt to disrupt, damage, or gain unauthorised access to computer systems, networks, or digital devices.
These attacks can target individuals, businesses, or even governments, and their motives can range from financial gain to political disruption.
Cyber attacks can take many forms, employing various techniques to achieve their malicious goals.
Common types of cyber attacks include:
- Malware: Malicious software designed to damage or gain control of a system. Examples include viruses, worms, ransomware, and spyware.
- Phishing: Deceptive attempts to trick individuals into revealing sensitive information such as usernames, passwords, or credit card details, often through fake emails or websites.
- Denial-of-Service (DoS) Attacks: Flooding a network or server with traffic to overwhelm its resources and make it unavailable to legitimate users.
- SQL Injection: Exploiting vulnerabilities in website databases to gain unauthorised access to data.
- Ransomware: Malware that encrypts a victim’s data and demands a ransom for its release.
- Social Engineering: Manipulating individuals into performing actions or divulging confidential information.
