M&S Cyber Attack: Retailer Pauses Online Orders Amid Ongoing Investigation
Marks & Spencer has paused online orders in the UK as it continues to investigate a cyber attack on its systems. The retailer confirmed that it had reported the incident to the National Cyber Security Centre (NCSC) and the National Crime Agency, which is working with the NCSC to support the firm.
According to a spokesperson from the Information Commissioner’s Office, M&S was "assessing the information provided" after the retailer told it about the incident. The firm previously said on Tuesday it had reported the incident to the NCSC, and the National Crime Agency told the BBC that it was working with the NCSC to support the firm.
In an update to investors on Friday, M&S said its decision to pause online orders in the UK formed part of its "proactive management" of the incident. "The M&S team – supported by leading experts – is working extremely hard to restore online operations and continue to serve customers well," it said. The retailer is working to restore online operations as soon as possible, but experts warn that the incident could have a significant impact on the company’s finances.
The incident highlights the growing threat of cyber attacks on major retailers. Nathaniel Jones, vice-president of security and AI strategy at cyber security firm Darktrace, said M&S halting online sales shows "the cascading impact these attacks can have on revenue streams". "It demonstrates how quickly cyber incidents can cripple retail operations across both digital and physical channels," he added.
The impact of the incident on M&S’ finances could be significant, with William Wright, from cybersecurity firm Closed Door Security, believing it could have a "material impact" on the firm. "Data shows almost a quarter of the store’s sales happen online, so no matter how long this pause is put in place, it will hurt M&S financially," he said.
This is not the first time a major retailer has experienced significant disruption to its online services in recent months. Morrisons faced huge problems with its Christmas orders last year, with deliveries cancelled and discounts not applied. This was followed by two major banking outages on what was pay day for many in the first two months of this year. In January, serious IT problems at Barclays affected the bank’s app and online banking. It was later disclosed that Barclays could face compensation payments of £12.5m. In February, several banks – notably Lloyds – faced outages, leaving businesses unable to pay staff.
As the investigation into the M&S cyber attack continues, the retailer is working closely with experts to restore online operations and protect customer data. The incident serves as a reminder of the importance of robust cyber security measures in protecting against the growing threat of cyber attacks. The BBC will continue to provide updates on this developing story as more information becomes available.
The incident has raised concerns about the vulnerability of major retailers to cyber attacks, and the potential impact on their finances and reputation. According to the BBC’s source, M&S is working hard to resolve the issue, but it is unclear how long it will take to fully restore online operations.
Additional reporting by Liv McMahon.
