The digital storefront of Marks & Spencer has gone dark, with customers greeted by a terse message stating, “Sorry, you can’t browse the site currently. We’re making some updates and will be back soon.” This disruption compounds existing challenges for the retailer, still reeling from the aftermath of a significant cyber-attack last month. The timing couldn’t be worse for M&S, as shoppers increasingly rely on online access. The website outage adds another layer to the challenges M&S faces in restoring its online services and reassuring customers who are increasingly reliant on a seamless digital experience. News of the M&S website outage has spread quickly, raising concerns about the stability of the retailer’s online infrastructure.

The current M&S website outage follows weeks of disrupted online ordering capabilities stemming from that earlier cyber-attack. The company has been contacted for comment, but an official statement regarding the precise nature of the latest website issues is still pending. The lack of immediate clarity has fueled speculation and anxiety among loyal M&S customers.

The root cause of the current disruption appears to be linked to the cyber-attack M&S experienced last month. While the “making some updates” message suggests active efforts to restore and secure the website, the lingering effects of the attack are undeniable. M&S anticipates that online services will continue to be affected until July, with a gradual return to normal operations expected thereafter. This extended timeline underscores the severity of the initial breach and the complexity of the recovery process.

The financial implications of the cyber-attack are substantial. M&S estimates that the incident will negatively impact this year’s profits by approximately £300 million. This figure, exceeding initial analyst predictions, represents a significant portion of the company’s overall profit margin. The cyberattack also resulted in a data breach. Some personal customer data was compromised during the attack. Data potentially stolen includes telephone numbers, home addresses, and dates of birth. While M&S assures customers that payment details and account passwords remained secure, the breach has nonetheless shaken customer confidence. Online order histories may also have been affected, further complicating matters.

The cyber-attack itself occurred over the Easter weekend, initially impacting click-and-collect services and contactless payments. This initial disruption served as an early warning sign of the deeper problems to come. Law enforcement agencies are actively investigating the cyber-attack, with suspicion falling on Scattered Spider, a notorious group of English-speaking hackers, according to reports from the BBC. This group is believed to have been responsible for attacks on other retailers, including the Co-op and Harrods. Their potential involvement suggests a sophisticated and coordinated effort.

According to M&S, the data potentially compromised in the cyber attack includes telephone numbers, home addresses, and dates of birth. However, the company confirms that usable payment or card details and account passwords remained secure. The distinction between compromised and secured data is crucial for understanding the scope and potential impact of the breach on individual customers.

Scattered Spider is a well-known group of English-speaking cybercriminals suspected of conducting sophisticated and targeted attacks on various organizations. Before M&S, the group had been linked to attacks on the Co-op and Harrods, marking a pattern of targeting major retail chains. Their methods are often complex and difficult to trace, making them a formidable threat to businesses worldwide.

In an official statement, M&S Chief Executive Stuart Machin acknowledged the severity of the situation, stating, “Over the last few weeks, we have been managing a highly sophisticated and targeted cyber-attack, which has led to a limited period of disruption.” M&S anticipates disruptions to online services until July, with a gradual restoration of normalcy. The company expects some insurance payout to offset the financial losses, but it will only partially cover the £300 million impact. The reliance on insurance underscores the significant financial burden imposed by the cyber-attack.

The M&S website outage and the preceding cyber-attack underscore the growing threat of cybercrime to major retailers. The incident highlights the importance of robust cybersecurity measures and swift response protocols. As M&S works to restore its online services and mitigate the attack’s impact, customers are advised to stay informed and exercise caution with their personal data. The situation serves as a reminder of the potential consequences of cyber-attacks on businesses and consumers alike. Updates on the M&S website outage and recovery efforts will be provided as they become available.