Marks & Spencer Website Back Online After Cyberattack
The website of high street retailer Marks & Spencer is once again open for business, weeks after it was forced to halt orders due to a damaging cyberattack. The company confirmed on its website that customers can now place online orders with standard delivery to England, Scotland, and Wales, with delivery to Northern Ireland set to resume in the coming weeks.
In an update posted on the M&S website, the retailer stated: "You can now place online orders with standard delivery to England, Scotland and Wales. Delivery to Northern Ireland will resume in the coming weeks. We will resume click and collect, next-day delivery, nominated-day delivery and international ordering in the coming weeks." The company faced significant disruption after pausing online orders following the cyberattack in April.
According to reports, the cyberattack resulted in the theft of customer personal data, which could have included names, email addresses, postal addresses, and dates of birth. M&S managing director of clothing, home and beauty, John Lyttle, said in a statement published on social media: "More of our fashion, home and beauty products will be added every day, and we will resume deliveries to Northern Ireland and click and collect in the coming weeks. Thank you sincerely for your support and for shopping with us."
The cyberattack, which was attributed to "human error," is expected to cost M&S around £300 million. The company’s 565 stores remained open and operational throughout the incident, but contactless payments were initially impacted, and there were some stock availability issues while the company temporarily switched to manual processes.
M&S chief executive Stuart Machin reported that hackers gained access to the company’s IT systems through a third party. He stated: "We didn’t leave the door open, this wasn’t anything to do with under-investment. Everyone is vulnerable. For us, we were unlucky on this particular day through some human error."
The hackers reportedly sent an abusive email to M&S boss Stuart Machin, gloating about the hack and demanding ransom payment. According to the BBC, the email was sent on 23 April from a hacker group called DragonForce, using the email account of an employee. The email confirmed that the British high street retailer was targeted by a ransomware group, something the company has refused to acknowledge.
The email, seen by the BBC, stated: "We have marched the ways from China all the way to the UK and have mercilessly raped your company and encrypted all the servers. The dragon wants to speak to you so please head over to [our darknet website]." A darknet link shared in the email connected to a portal for DragonForce victims to negotiate a ransom fee.
M&S told The Independent: "We cannot comment on details of or speculation on the cyber incident, and we have been advised not to." DragonForce is the second hacking group to be linked to the M&S cyberattack, with the Scattered Spider network, a group of young hackers across the UK and US, also connected to the incident.
The incident highlights the vulnerability of high street retailers to cyberattacks, and the importance of robust cybersecurity measures to protect customer data. As M&S continues to recover from the incident, customers can now once again shop online with the retailer, with the company working to restore its full range of products and services.
This article is based on reporting from The Independent, which first reported on the M&S cyberattack. The article has been updated to reflect the latest developments, including the reopening of the M&S website and the expected resumption of deliveries to Northern Ireland.
The company has made an official statement about this, as reported by The Independent.
